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James 

"The phrase'cloud computing'often 
generates more questions than answers." 



Cloud Computing 

Silver lining or storm clouds ahead? 

T he IT industry is infamous for its affection for buzz¬ 
words, and the recent flurry of activity around cloud 
computing only underscores that predilection. But like 
other buzzwords heralding new technologies that have 
come before it, the phrase "cloud computing" often 
generates more questions than answers. 

The reality is that cloud computing is already being employed 
with great success in some quarters, including Google with Google 
Docs, Salesforce with its Salesforce.com offering, and a host of other 
Software as a Service (SaaS) vendors. Amazon has also been a pio¬ 
neer in this segment, offering an assortment of services for develop¬ 
ers in the cloud, ranging from Amazon Simple Storage Service (S3) to 
Amazon CloudFront, a new web-based platform that allows content 
to be delivered to users through a web browser. (You can read more 
about the early successes Google, Amazon, and Salesforce.com have 
had with their cloud computing efforts in this month's Everything 
But Microsoft column: www.windowsitpro.com, InstantDoc ID 
100832. ) 

While a bit late to the party, Microsoft has recently unveiled 
a host of services and online offerings that reside in cloud space. 
Windows Azure provides a framework for .NET developers to create 
web-centric applications, and a new range of Software Plus Services 
(S+S) products promise to bridge the gap between the web and 
your existing apps. Microsoft's new hosted Business Productivity 
Online Suite (BPOS) includes SharePoint Online, Exchange Online, 
and Windows Live Meeting, and is offered as a subscription service 
starting at $15 per user per month. 

Despite Microsoft's overdue entry into the cloud computing 
arena, a host of issues are still on the minds of IT pros considering 
moving their mission-critical apps and information onto remote 
servers controlled by someone else. With the current alphabet soup 
of corporate governance laws that many IT pros must abide by- 
including Sarbanes-Oxley (SOX), the Health Insurance Portability 
and Accountability Act (HIPAA), and the Payment Card Industry 
Data Security Standard (PCI DSS)—how can they truly keep tabs 
on who accesses their critical data in the cloud? And if other people 
access that data, what security measures and guidelines are in place 
to ensure that only the people required to view that data do so? 

For example, Microsoft's S+S approach could easily result in 
important data being spread between both on-premise and off- 
premise storage. If you're an IT manager for a large enterprise with 
geographically disparate office locations, having a well-thought-out 


set of policies that 
keeps data simulta¬ 
neously accessible 
and secure for end 
users while preserv¬ 
ing compliance with 
important corporate, 
local, state, and fed¬ 
eral guidelines can 
be a feat of epic, if 
not ulcer-inducing, 
proportions. 

Before making 
too much of the chal¬ 
lenges and obstacles 
that cloud comput¬ 
ing presents, it's 
important to remem¬ 
ber that the industry 
is already moving in 
this direction, and 
the aforementioned 
flies in the ointment 
will be addressed 
over time. 

Cloud Comput¬ 
ing: What's Your 
Take? 

So what do you think about cloud computing? We're always interested 
in hearing from IT pros, and we'd love to get your take on the debate 
over the benefits (and current drawbacks) of cloud computing fi-om an 
IT perspective. Are you already using cloud-based solutions such as 
hosted services, Google Docs, or Saleforce.com in your own organiza¬ 
tion? Feel fi:ee to send me a letter, drop me an email, or give me a call 
directly at 970-203-2775 and let me know what you think. 

InstantDoc ID 100943 


JEFF JAMES (jjannes@windowsitpro.com) is executive editor, web and 
industry, for Windows IT Pm, SQL Server Magazine, and System iNews. He 
specializes in server operating systems, systems management, and server 
virtualization. 


New Ways 
to Reach Windows 
IT Pro Editors 

We've introduced some new ways for you 
to reach the editors at Windows IT Pro. 

Twitter: Visit the Windows IT Pro Twitter 
page at www.twitter.com/windowsitpro. 
Some of our editors also have Twitter 
accounts, including yours truly (twitter, 
com/witprojeff) and Sheila Molnar 
(twitter.com/sqlmagsheila). 

Linkedln:To check out the Windows IT 
Pro group on Linkedin, sign in on the 
Linkedin homepage (www.linkedin.com), 
select the Search Groups option from the 
pull-down menu, and use "Windows IT 
Pro" as your search term. If you're an IT 
professional we'll be happy to invite you 
to join the group. 

Regional Forums: We've introduced 
regional areas in our online forums, 
allowing IT user group leaders and other 
readers interested in meeting locally 
to more easily communicate with each 
other. Visit our forums at www.windows 
itpro.com/forums and scroll down to see 
the new regional forums. 
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READER FEEDBACK ■ 


■ EBS 2008 Solution 

■ Vista Dilemma 


■ iPhone Frustration 

■ GPO Problems 


Deploying EBS 2008— 
an Intel Solution? 

I enjoyed reading 
Karen Forster's 
article "SBS 2008 
and EBS 2008: 

The View from 
the Trenches" 

(November 2008, 

InstantDoc ID 
100277) . One 
of the biggest 
hurdles that small-to-midsized busi¬ 
nesses (SMBs) face in deploying EBS is 
having to purchase three or more serv¬ 
ers. I recently discovered a solution that 
meets the product's criteria and adds 
some bonuses—including the fact that 
it's quiet! 

Intel recently released Intel Modular 
Server (IMS).This single-box solution, 
although large and heavy, includes all the 
necessary hardware to run a large SMB. 
The IMS chassis can contain as many as 
six dual-Xeon servers, each linked to an 
internal storage system that controls as 
many as 14 Serial Attached SCSI (SAS) 
drives. The storage system is more like a 
SAN than DAS, and the user defines and 
carves out LUNs and assigns them to a 
server. Apparently, the next firmware 
upgrade will enable multiple servers 
using the same LUN. All this runs at DAS 
speeds, with no Fibre Channel, no iSCSI, 
and no wires. Each server comes with two 
embedded NICs, and you can add two 
more with the addition of a mezzanine 
card. The NICs are directly attached to a 
switch inside the box with 10 external 
ports. The system can also accommodate 
a second 10-port switch. For redundancy, 
the system can accommodate three 
power supplies and a second storage 
controller. If one compute module dies, 
simply unplug it, plug in another, and it 
will boot from the already assigned LUN. 

The price is impressive, as is the ability 
to buy the basics and plug in compute 
modules and hard drives as necessary. It's 
a new class of server that might just be 
the perfect solution for EBS and more. 

—Bob Williamson 
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The Vista Dilemma 

I was amused to read "10 Reasons to Deploy 
Windows Vista" and "10 Reasons Not to 
Deploy Windows Vista" (November 2008, 
InstantDoc IDs 99986 and 99988) . Perhaps 
the articles'titles should have been "10 
Reasons to Deploy Vista at Home" and "10 
Reasons Not to Deploy Vista at Work." At my 
business, I have five vertical applications that 
are key to my operations, and none of them 
is certified to run on Vista. If I were to ask the 
folks at Microsoft, they would tell me that I 
can run Vista. However, if I ever ran into any 
problems, you can be sure that they 
wouldn't support my implementa¬ 
tion. To tell you the truth, if my appli¬ 
cations didn't require Windows, I'd 
run Linux and dump Windows. 

—Gregory A. Randis 

iPhone Frustration 

Congratulations on a spot-on iPhone 
3G article ("iPhone 3G: Still Not Quite 
Ready for Enterprise Email," Decem¬ 
ber 2008, InstantDoc ID 100479) . As 
a former Windows Mobile user and 
current iPhone user, I constantly ask 
myself when my iPhone pet peeves 
will force me to revert to a less 
polished but more work-oriented 
phone. Adding to my frustration is 
Apple's refusal to acknowledge or 
provide a roadmap for enterprise customers. 

—Rene Garcia 

GPO Problems 

I enjoyed Darren Mar-Elia's "Securing Win¬ 
dows Desktops Using Group Policy" (Novem¬ 
ber 2008, InstantDoc ID 100264) . I'm using 
Group Policy to create an Internet Explorer 
(IE) security policy for my users. I add my 
users to this Limited Internet group, and they 
get a policy that locks down their Internet 
access. I create a false rating and block out a 


list of sites; users can access only the listed 
sites. I have a logon script that populates 
the policy with permitted sites and enables 
the registry key switch to turn on the filter. 
Lately, my solution has stopped working or 
works only sporadically. I also notice that 
depending on the domain controller (DC) 
that users log on to, they get an older version 
that doesn't seem to replicate properly. Do 
you know any way to make this policy more 
efficient? Or do you know a better way to 
accomplish my goal? 

—Michael La Bara 



Thanks for your letter. I assume you're using 
the Content Rating feature in the IE Mainte¬ 
nance policy to control allowed or disallowed 
sites. If you are, Tm not sure I follow what you 
mean by creating a false rating. In the past, 

Tve simply accessed the Content Advisor's 
General tab, in which I can configure the 
policy so that the user can see sites with no 
ratings (as Figure 1 shows). Then, I simply set 
my allow and disallow list. ^ 

—Darren Mar-Elia 

InstantDoc ID 100868 


Windows IT Pro welcomes feedback about the magazine. Send comments to letters(S)windows 
itpro.com, and include your full name, email address, and daytime phone number. We edit all 
letters and replies for style, length, and clarity. 
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Start the 
New Year 
as a Winner 

Get rewarded just 
for requesting 
free information. 

Windows IT Pro 
and SQL Server 
Magazine offer 
many valuable 
resources for IT 
pros and devel¬ 
opers; enroll in 
one of four select 
resources and be entered to win a 
monthly giveaway for an 8GB Zune. 
Enter the January giveaway today! 
windowsitpro.com/Giveaways 

Manage Costs in Your Enterprise 

Download this eBook 
and get a solid foun¬ 
dation in the basics of 
business process auto¬ 
mation (BPA), a look 
at the way BPA tools 
work, and an under¬ 
standing of how they can benefit both 
IT and overall business efficiencies. 
Learn where BPA fits into your busi¬ 
ness process, how it differs from other 
scripting and scheduling techniques, 
and how your business can benefit 
from implementing a BPA solution. 
www.windowsitpro.com/qo/BPA 

Considerations for Effective 
SharePoint Compliance 

Whether your organization already 
uses SharePoint or is pursuing a new 
implementation, a successful Share- 
Point 2007 deployment must meet 
compliance restrictions. This unique 
web seminar explores compliance- 
related risk factors associated with 
unsuccessful SharePoint deployments; 
enforcement of retention and com¬ 
pliance policies via archiving; and 
monitoring access to and usage of 
SharePoint and its content for adminis¬ 
tration, optimization, and compliance. 
windowsitpro.com/qo/SPCompliance 
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A S I breathe in the fresh air of 
2009,1 relish the opportunity 
to forget all my 2008 wrongs 
and look forward (overconfi¬ 
dently) to a new year of prom¬ 
ises kept and resolutions met. 
Given that my 2008 was plagued by too 
many bad-mannered vote-offs in negative 
reality TV shows, Td like to start my year 
positively with my 8 favorite resources from 
last year. 

• Cloud computing roundtable at TechEd 
2008, ptirts 1 and 2 (www.windowsit 
pro.com/go/cc-roundtable) —Executive 
Editors Amy Eisenberg and Jeff James 
interview experts Sean Deuby, Guido 
Grillenmeier, Michael Otey, Rhonda 
Layfield, and Mark Minasi for their 
thoughts about cloud computing. 

• "10 Reasons to Deploy Windows 
Vista" (November 2008, InstantDoc ID 
99986) —If you read my blog post "Love 
at First Vista" (InstantDoc ID 96849) , you 
know that 1 said goodbye to Windows XP 
without a second thought. Mark Minasi's 
arguments provide good reason to feel 
that way. 

• "10 Reasons Not to Deploy Windows 
Vista" (November 2008, InstantDoc 
ID 99988) —1 like Vista, so this one is 
strictly for those readers who don't. (And 
because Alan Sugano makes some good 
points, 1 suppose.) 

• "PowerShell 101, Lesson 1" (Febru¬ 
ary 2008, InstantDoc ID 97742) —This 
article will help you get started with this 
powerful yet flexible scripting language. 

• "Gold Meded SharePoint Applications 
in Beijing" (August 2008, InstantDoc ID 
99504) —If getting Dan Holme's behind- 

We're in IT with You 


December's Online Gifts 

• An introduction to System Center 
Mobile Device Manager (InstantDoc 
ID 100787) 

• Learn about a host-based firewall 
called Little Snitch (InstantDoc ID 
100793) 

• Deploy the JRE using Group Policy 
(InstantDoc ID 100550) 

• Use PowerShell's command search 
effectively (InstantDoc ID 100792) 

Find more free and VIP-only web arti¬ 
cles at www.windowsitpro.comi 


the-scenes perspective on NBC's cover¬ 
age of the 2008 Olympic Games isn't 
enough of an attraction, his four real-life 
solutions make this article a must-read. 

• "Apple Envy in Redmond" (October 
2008, InstantDoc ID 100045) — If there's 
anything 1 like more than someone who 
knows his stuff, it's someone who knows 
other stuff too. Jeff James' first Every¬ 
thing But Microsoft column shows that 
there's life beyond Microsoft. 

• "New Belgium Brews a Potent Unified 
Communications Combo" (December 
2007, InstantDoc ID 97481) —A Decem¬ 
ber 2007 article doesn't quite count, but 
it's a great real-life overview of a unified 
communications setup, so you have to 
give me it. (Besides, it's about a brewery!) 

• "If I Ran Microsoft" video contest 
entries (ittv.net) —People sharing what 
they would do. Need 1 say more? 

View the above content, as well as my 

extended blog, at www.windowsitpro.com. 
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If knowledge is power, then managing it is genius. 
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Thurrott 

"Microsoft is aiming Hyper-V Server at SMBs that 
haven't upgraded to Server 2008 but would like 
to implement hypervisor-based virtualization 
technology." 


NEED TO KNOW 


What You Need to Know About Microsoft 
Hyper-V Server 2008 


W hen Microsoft revealed the pricing for Windows 
Server 2008, an unexpected entry appeared in the 
list: a newAWndows Server version called Micro¬ 
soft Hyper-V Server 2008. Actually, two Microsoft 
products share the name Hyper-V One product is 
a role in Windows Server 2008: Windows Server 
2008 Hyper-V The other is a standalone server-virtualization product: 
Microsoft Hyper-V Server 2008, a free download from the Microsoft 
website. Microsoft is aiming Hyper-V Server at small-to-midsized 
businesses (SMBs) that haven't upgraded to Server 2008 but would 
like to implement hypervisor-based virtualization technology in their 
environments. Here's what you need to know about Microsoft Hyper- 
V Server 2008. 

What Is Microsoft Hyper-V Server 2008? 

At a technical level, Hyper-V Server doesn't include Server 2008 or 
Server Core, so there's no traditional OS installed in the parent parti¬ 
tion. Instead, a hare-bones command-line environment provides 
basic functionality, such as the ability to join a domain or change a 
computer name. And unlike Server 2008 Hyper-y you need to license 
all the OSs that run on Hyper-V Server. 

Conspicuously missing is the ability to install virtualized OS envi¬ 
ronments in the system's child partitions. To perform such an action, 
you need to access the server remotely using the Hyper-V Manager 
console, which comes with Server 2008 and is available as a free 
download for the 32-bit and 64-bit versions of Windows Vista SPl. 

Installing Hyper-V Server 

Hyper-V Server has the same hardware requirements as Server 2008 
with Hyper-V It requires a server with an x64-compatible Intel or 
AMD microprocessor with hardware-assisted virtualization (Intel VT 
or AMD-V) and hardware Data Execution Prevention (DEP) support 
via the Intel XD or AMD NX bit. 

Hyper-V Server installs much like any other Server 2008 version 
and uses the same interactive setup routine. When setup is complete, 
it prompts you to provide a lengthy password for the administrator 
account, then presents you with a Server Core-type screen, with two 
command-line windows floating over an empty desktop. 

You can't install additional OSs from this interface. You can, how¬ 
ever, perform a few basic housekeeping tasks, such as join a work¬ 
group or domain, assign the computer name, configure basic network 
settings, add a local administrator account, configure Windows 


Update, configure remote desktop, configure regional and language 
settings, and set the date and time. To actually install and manage 
VMs, however, you need to use Hyper-V Manager (or a related tool 
such as System Center Virtual Machine Manager 2008) from another 
PC or server. 

Using Hyper-V Manager 

Getting Hyper-V Manager up and running on Server 2008 is 
straightforward, but many people have experienced difficulties 
connecting to a Hyper-V environment (whether in Server 2008 or 
Hyper-V Server) from Vista. These problems are exacerbated by 
Microsoft's documentation, which, to date, doesn't address these 
difficulties. You will likely receive an error message the first time 
you try to remote-connect to a Hyper-V environment from Vista 
using the Hyper-V Manager console. How you fix this connection 
problem will depend on your environment. The best explanations 
I've seen so far can be found in Microsoft senior program manager 
John Howard's blog at tinyurl.com/jhoward. Howard works on the 
Hyper-V product. 

After Hyper-V Manager connects to the virtualization server, 
management is straightforward. Prom its standard three-pane 
Microsoft Management Console (MMC), you can create new VMs, 
import VMs (but only from other Hyper-V environments), and 
inspect and edit virtual hard disk (VHD) files. You can also manage 
virtual networks with the Virtual Network Manager tool, which is 
particularly useful for testing. With it, you can create virtual networks 
isolated from each other and the host environment, as well as create 
virtual networks that can interact with other virtual networks and 
with the host. 

Recommendations 

Hyper-V Server is a great way to get started with Microsoft's new 
virtualization platform, especially if you're not ready to migrate to the 
latest Windows Server version. Hyper-V is a great solution for midsized 
businesses that want to stick with Windows Server 2003 for a while 
and for those who need to test environments locally. And as a free web 
download, you can't beat the price. ^ 
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WINDOWS POWER TOOLS 


Minasi 

"Forfiles' syntax is a bit ugly, but 
the tool is so useful that you'll forgive 
its command-line unsightliness." 



Forfiles Processes Scripts—Without Scripts! 

Check out this powerful alternative to the For command 


O ne of our primary reasons for learning about non- 
GUI tools is to automate certain tasks. Often, how¬ 
ever, the difficulty of automating a task isn't finding 
the command-line tool that accomplishes it but 
rather learning a necessary scripting language such 
as PowerShell or VBScript. You might remember 
a tool called For, which I covered in this column last year ("The 
Power of For," InstantDoc ID 96539) . The For command essentially 
lets you script without scripting: It lets you apply certain com¬ 
mands to a series of files or folders. This month, I want to take 
a look at a similar tool called Forfiles, which—in some ways—is 
more powerful than For. (Windows Vista includes Forfiles in the 
box for the first time, but it's been part of the resource kit since 
Windows 98.) 

Odd Syntax 

Forfiles' syntax is a bit ugly, but the tool is so useful that you'll forgive 
its command-line unsightliness. Basically, Forfiles first searches a set 
of folders for files and folders that meet certain criteria, such as all 
.exe files in the C:\myfiles folder (and its subdirectories) that have 
been modified in the past 10 days. For each file or folder that Forfiles 
finds, the tool creates variables—with names such as (a)file, (a)ext, 
@path, and so on—in which it stores certain information (e.g., the 
file or folder's name, its extension, its full file specification, its size, 
whether it's a file or a folder, the date and time it was most recently 
modified). You can then use specific options to instruct Forfiles what 
to do with each of those files or folders. 

Forfiles takes five basic options. The first, /p (for path) instructs 
Forfiles where to search, as in /p C:\ or /p C:\datafiles. For example, 
to instruct Forfiles to show you all the files in a folder named E:\ 
datafiles, you'd type 

forfiles /p E:\datafiles 

Of course, that's a trivial use of the tool. You can use the Dir E:\data- 
files command to accomplish the same task. But it does illustrate a 
bit of Eorfiles' syntax oddity. 

What if you want to instruct Eorfiles to display only files with 
names that start with "t"? Anyone with a small amount of experience 
with Windows command-line files would expect to type 

forfiles /p E:\datafiles\t* 


But that command wouldn't work with Forfiles because the /p 
option is solely for specifying a path. To use a wildcard to filter the 
files and folders within that path, you need to add the /m (for mask) 
option, along with the pattern you want Forfiles to use. (Why did the 
author of Forfiles choose to complicate the familiar, simple method¬ 
ology of using a path with wildcards? It's a mystery to me.) 

The third option, /s (for subdirectories), takes no parameters. As 
with many other Windows command-line tools, this option simply 
tells Forfiles to search not only inside the path but in any of that 
path's subdirectories. 

The /d (for date) option adds the ability to select files based on 
their date-modified value. You can instruct Forfiles to include only 
files modified exactly n days ago by adding /d -n, where n is a num¬ 
ber between 0 and 32,767. So, to see only files from the E:\datafiles 
folder modified three days ago, you'd type 

forfiles /p E:\datafiles /d -3 

Alternatively, you can instruct Forfiles to display only files modified 
before or after a particular date. Typing +mm/dd/yyyy selects only 
files modified after that date, and typing /d -mm/dd/yyyy selects 
only files modified before that date. So, to display files last modified 
on June 1,2006, or before, you'd type 

forfiles /p E:\datafiles /d -06/01/2006 

Forfiles' final option is /c (for command), which tells Forfiles what 
to do with the files and folders that it finds. If you don't specify the /c 
option, Forfiles simply shows you the files that it's collected. But the 
/c option lets you do so much more. I'll cover that next time. 

More than For 

The For command is powerful and, in some cases, easier to use than 
Forfiles. However, Forfiles makes it easier to select files or folders 
based on several criteria, including file size and modification date. 
Furthermore, Forfiles makes it much easier to write commands that 
manipulate just part of a file's name. Once you get past the initial 
learning curve, Forfiles can be a great addition to your toolkit. 

InstantDoc ID100643 
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Otey 

"I knew of Quest Software's PowerGUI, a free 
PowerShell development tool, and decided to 
give it a try. I was hooked in seconds." 


Features of PowerGUI Script Editor 

Put a GUI face on your Windows PowerShell scripting 


was involved in a project recently where 1 was converting a 
number of Windows shell scripts to Windows PowerShell 
scripts. Fed up with Notepad, 1 began looking for develop¬ 
ment alternatives. 1 knew of Quest Software's PowerGUI, a 
free PowerShell development tool, and decided to give it a 
try. I was hooked in seconds. PowerGUI solved my PowerShell 
development woes by providing a productive .NET-style development 
environment for scripts. If you're into PowerShell development, I defi¬ 
nitely recommend giving PowerGUI a try. You can download it from 
powergui.org/index.jspa. My top ten features of PowerGUI are: 

€ [^ Graphical editor—The core of PowerGUI is its graphical editor. 
As you would expect, the editor provides basic editing and cut- 
and-paste functionality. It also provides a split-view window 
that lets you work on two different sections of the same script. In 
addition, the editor provides integrated line numbers on the left 
side of the window, which makes it easy to locate lines that generate 
script errors. 

O Tab-based development environment—The PowerGUI devel¬ 
opment environment uses a tabbed interface. Unlike Notepad's 
single-document interface, PowerGUI lets you open multiple 
scripts simultaneously in different tabs, which facilitates reading 
related scripts and copying and pasting between them. 

O IntelliSense-style PowerShell prompting—Although it's not 
the full-blown IntelliSense that Microsoft Visual Studio offers, 
PowerGUI's IntelliSense-style prompting is a real asset in help¬ 
ing you learn about and use the various PowerShell cmdlets. The 
PowerGUI prompting provides cmdlet name completion, and it also 
displays the parameters for each PowerShell cmdlet. 

O PowerShell libraries—PowerGUI lets you manage Power- 
Shell snap-ins that add functionality to your PowerShell 
development environment, such as providing access to Active 
Directory, Microsoft Exchange Server, and Microsoft SQL Server. 
The PowerGUI Library includes several snap-ins that you can down¬ 
load from powergui.org/kbcategory. j spa?categoryID=21 . 

O Code snippets—PowerGUI includes templates that make it eas¬ 
ier to create syntactically correct PowerShell scripts. PowerGUI's 
code snippets are accessed by right-clicking in the editing win¬ 


dow. The PowerShell snippets include foreach. Do While, Do Until, 
For, If, Else, and many other common PowerShell statements. 

O Output window—The Output window is shown in the lower 
right of the development environment. It displays the output 
from the currently executing script. It also displays full error mes¬ 
sages, which can be a big help during your initial script development. 

O Run in External PowerShell Window—The Run in External 
PowerShell Window option launches a new PowerShell 
console window in which to execute your script. I found the 
Output window most useful during the beginning stages of a script's 
development, but I found the external window option more useful 
near the end of the process because it runs the script just like your 
production environment would. 

O Script input ptirameters—Developing your scripts is just the 
starting point. You also need to run them, and you might need 
to supply one or more parameters. The Input script parameters 
here box at the top of the PowerGUI Integrated Development Envi¬ 
ronment (IDE) lets you provide script input parameters and easily 
see the value of the parameters that are used. The input parameters 
are shared between all open scripts in your IDE. 

O Locals window—The Locals window is a really nice debug¬ 
ging feature. Displayed by default in the lower left corner of 
the development environment, the Locals window shows all 
of your script variables and their values. It also displays any instanti¬ 
ated .NET objects and lets you drill down into their properties. 

O Integrated debugger—Without a doubt, the integrated debug¬ 
ger is my favorite PowerGUI feature. I've been looking for 
the ability to debug PowerShell scripts for some time, and 
PowerGUI provides exactly what I wanted. The debugger lets you 
set breakpoints and gives you the option to single-step through your 
code. You forget just how useful a good debugger is when you don't 
have one for a while. This feature really sped up my script develop¬ 
ment and helped me to write better scripts. ^ 
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WHAT WOULD MICROSOFT SUPPORT DO? 


Morales 

"WMIDiag can help diagnose the 
underlying dependency that's 
causing a WMI issue." 



Resolve WMI Problems Quickly with WMIDiag 

The WMI Diagnosis utility gives you fast, powerful help in diagnosing WMI-related 
system problems 


A s a Windows administrator, you've probably encoun¬ 
tered errors reported by Windows Management 
Instrumentation (WMI). For WMI problems that 
customers report to the Microsoft Global Escalation 
Services team, weVe found that the root cause usually 
lies with an underlying dependency, such as DCOM 
settings, the registry, or the file system. A tool we often use in such 
situations is the WMI Diagnosis (WMIDiag) utility, which you, too, 
can use to help diagnose the underlying dependency that's causing 
the WMI issue and even suggest ways to fix the problem. You can 
download WMIDiag at go.microsoft.com/fwlink/?LinkId=62562 . 

WMI Architecture 

To help you understand how to use WMIDiag, let's briefly review 
WMI's architecture. You can use WMI classes in scripts or applica¬ 
tions to automate administrative tasks on remote computers, which 
is especially useful for managing a large number of systems. The 
WMI architecture contains three main components: 

• WMI providers and managed objects: WMI providers are rep¬ 
resented as COM objects and monitor objects such as logical or 
physical hard drives, OSs, processes, or services. 

• WMI infrastructure: The infrastructure comprises the WMI ser¬ 
vice (winmgmt.exe) and the WMI repository, which is organized 
by namespaces, such as root\default or root\cimv2. The WMI 
service acts as the intermediary between WMI providers and 
the WMI repository. WMI obtains most data dynamically from 
the provider when a client requests it. 

• WMI consumers (clients): A consumer can be a script or an 
enterprise application such as Microsoft System Center Opera¬ 
tions Manager. Consumers can query WMI for system infor¬ 
mation, subscribe to events (e.g., when a policy changes on a 
system), or run management tasks remotely. 

For more information about WMI, see msdn.microsoft.com/en-us/ 
library/aa394582(VS.85).aspx and the articles in the Learning Path 
at www.windowsitpro.com , InstantDoc ID 100845 . 

What's WMIDiag? 

WMIDiag is written in VBScript and can be run from the command 
line or by simply double-clicking the WMIDiag.exe file. When run 
without any command-line arguments, the tool verifies dozens of 
settings, registrations, service states, binary availability, suspicious 


shutdowns, and DCOM-related event log entries. 

WMIDiag can diagnose problems such as these: 

• Scripts fail to run or completely hang. 

• Enterprise systems management applications such as Microsoft 
Systems Management Server (SMS), System Center Operations 
Manager, or HP OpenView fail to run routine tasks. 

• Software and hardware inventory fails to collect some or all of 
the required information. 

• Applications or service packs fail to install properly. 

• Group Policy Objects (GPOs) fail to be deployed. 

• Various DCOM error events logged in the Application event log 
indicate application failures. 

A Real-Life WMI Problem 

I recently worked with a customer who couldn't successfully run soft¬ 
ware inventory reports for several Windows XP SP2 clients. Software 
inventory reports are an important tool for ensuring your organiza¬ 
tion's software licensing and update compliance. Inventory-scanning 
applications such as SMS or System Center Configuration Manager 
2007 connect to WMI and retrieve the instances of the Win32_Service 
class to determine what services are running on the system. So as our 
first step, we ran the built-in WMI tool WBEMTest on the customer's 
system (click Start, Run, and enter wbemtest); connected to the root\ 
cimv2 namespace; and ran the following query: 

Select * From Win32_Service 

This query should have returned all the services running on that sys¬ 
tem. Instead, we received the error that Figure 1, page 12, shows. 

As you can see, the error description. Provider load failure, is 
cryptic. As I mentioned earlier, providers are represented as COM 
objects. If COM objects aren't registered properly, they can't be 
loaded—thus resulting in the error in Figure 1. The question still 
remained, which provider wasn't registered properly? To help 
answer this question, our next step was to run WMIDiag. 

Putting WMIDiag to Work 

Running WMIDiag produces three files, by default in the %TEMP% 
directory: 

• A .log file containing a verbose output of the WMIDiag tool 
activity. 

• A .txt file containing a summarized report with warnings and 
errors worthy of investigation. 
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■WHAT WOULD MICROSOFT SUPPORT DO? 



Figure 1:WMI query error 


• A .CSV file containing statistics that can 
be used to measure trends in WMI 
issues over time. 

You'll want to look at the summarized .txt 
file. In the report file for our customer's WMI 
issue, we saw the error that Figure 2 shows, 
which identifies the failing provider. Notice 
in Figure 2 that WMlDiag also gives sugges¬ 
tions for resolving the issue. In this case, the 
resolution was to reregister the provider by 
issuing the command suggested by WMlD¬ 
iag (c:\regsvr32.exe tscfgwmi.dll). Note that 
when a query is made, all providers for that 


class and derived classes will be 
loaded. In our case, the base class 
being queried was Win32_Service, 
and one of the derived classes is 
the Win32_TerminalService class, 
which means that the Terminal 
Services WMI provider will be 
loaded as well. Reregistering the 
provider identified by WMlDiag 
resolved the issue for our cus¬ 
tomer and enabled the customer 
to collect a full software inventory 
report. 

Another issue 1 recently 
worked on involved applying 
GPOs. Domain controllers (DCs) 
in our customer's environment were com¬ 
pletely failing to process GPOs. As a result, 
the following Userenv errors were logged 
in the Application event log every five 
minutes: Windows cannot hind to xxxx 
.com domain. (Timeout). Group Policy pro¬ 
cessing aborted. 

This sort of error can be especially frus¬ 
trating because it's so generic and offers no 
helpful hints about where to start inves¬ 
tigating the problem. I've found that the 
best place to start troubleshooting is with 
the DCOM settings because DCOM affects 
connectivity and permissions to the entire 


system. WMlDiag will help diagnose incor¬ 
rect DCOM settings and give you the exact 
commands that you can run to fix the con¬ 
figuration setting. 

After 1 ran WMlDiag on the customer's 
system to help troubleshoot the GPO errors, 
1 got the output that Figure 3 shows. As 
in the previous troubleshooting instance, 
WMlDiag not only revealed what was wrong 
but also provided options for resolving the 
issue. The GUI option, running dcomnfg 
.exe, could be suitable to fix a small number 
of systems, whereas the command-line 
option would be appropriate for scripting 
a solution to fix a large number of systems. 
Running dcomnfg.exe fixed the problem on 
the customer's two DCs after making the 
changes recommended by WMlDiag and 
rebooting the server. 

Note that you can use WMlDiag to ana¬ 
lyze the health of WMI on hundreds of serv¬ 
ers simultaneously. To do so, run WMlDiag 
with the SMS parameter, which suppresses 
message boxes that are normally displayed 
when run interactively. If you want to desig¬ 
nate a remote file share to store all the files 
created by WMlDiag, run WMlDiag with the 
LogFilePath parameter and specify the file 
path. 

Microsoft Support Offers 
WMlDiag Help 

Would you like to have Microsoft Support 
diagnose your WMlDiag output? Although 
we can't guarantee that we'll respond to 
every question, you can send your WMl¬ 
Diag outputtowmidiag@microsoftxom, and 
our tech support team may be able to help 
diagnose your issue. Please briefly describe 
the issue in your email. And send me your 
suggestions or questions about the use 
of WMlDiag, or visit www.microsoft.com/ 
technet/scriptcenter/topics/help/wmidiaR 
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Figure 2: WMlDiag output showing specific provider that failed 
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Figure 3: WMlDiag showing DCOM error 
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SOLUTIONS FROM YOUR PEERS ■ 


TOOL TIME 

windows itpro.cotti|\ 


Test Connectivity to Remote 
Email Servers with TestMX 

It's probably happened to you at some 
point: Users are unable to email people 
at a specific domain. As the administra¬ 
tor, it's your job to find and solve the 
problem. 

As you divide and conquer your 
way to a solution, you'll no doubt 
want to try to "manually" connect to 
the destination email server. You can 
accomplish this by using Telnet to 
connect to port 25 of the destination 
server. To find that server's host name, 
you can use a command-line utility 
such as Nslookup or a web-based DNS 
tool such as the one at www 
.iptools.com . However, there's an easier 
way to quickly determine whether 
your email server can connect to the 
destination server: Use TestMX. 

You can download TestMX from 
www.dataenter.co.at/download.htm. 
After doing so, copy testmx.exe to the 
root of the C drive on your email server. 
Installing it on an email server rather 
than a PC prevents problems with fire¬ 
walls and reverse lookups and ensures 
that you're comparing apples to apples. 

To use TestMX, open up a command 
prompt and type: 

testmx -dDomain 

where Domoin is the name of the 
domain that you want to test. Note that 
there should be no space between the 
-d and the domain name.TestMX then 
takes care of finding and connecting to 
the email servers in that domain. 

That's it! In just a few short seconds, 
you can useTestMX to confirm connec¬ 
tivity to the remote email server. With 
this information, you can then move to 
the next step in your troubleshooting 
process. 

—Eric B. Rux, senior 
Windows administrator 
and cofounder of 
WHSHelp.com 

InstantDoc ID 100732 
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■ Folder Redirection 


Redirect More Folders 

A nice feature of Active Directory's (AD's) 
Group Policy Objects (GPOs) is folder redirec¬ 
tion, which was introduced in Windows 2000. 
In folder redirection, special folders typically 
found on users'local computers are moved 
to a server. This is often done to ensure those 
folders will be backed up regularly. However, 
Windows restricts its use to only four user 
folders—Application Data, Desktop, My 
Documents, and Start Menu—without giv¬ 
ing you an option to redirect other folders. 

Sometimes companies might want to 
redirect other special user folders. A com¬ 
mon scenario is a company that doesn't 
want to use roaming profiles because they 
make clients heavily dependent on file 


Figure 1: Sample .reg file 

servers, consume a lot of bandwidth, and 
use a lot of server disk space, but the com¬ 
pany finds that redirecting only the four 
folders is inadequate. Redirecting other 
folders such as Cookies, Favorites, Recent 
Files, and SendTo consumes little disk space 
but offers the advantage of saving users a 
lot of time because these folders are avail¬ 
able on all computers they log on to. 

Although you can't use GPOs to redirect 
more folders, you can redirect them by 
tweaking the registry. Settings for users' 
special folders reside in the HKEY_CURRENT 
_U S E R\Soft wa re\M i crosoftXWi n d o ws\ 
CurrentVersion\Explorer\Shell Folders and 
HKEY_CURRENT_USER\Software\Microsoft\ 
Windows\CurrentVersion\Explorer\User 


■ Admin Test 

■ IE 7.0 Favorites 


Shell Folders keys. To achieve redirection, 
you must tweak both keys at the same time. 

For example, suppose you want to 
move the Favorites folder from users' local 
machines to your server. All you have to do 
is follow these steps: 

1. In the Shell Folders and User 
Shell Folders keys, set the Favorites 
entry to the value of WServerA/ameX 
RedirectedFolders\%username%\Favorites, 
where ServerName is the name of the 
server on which the Favorites folder will 
reside. Note the %username% variable in 
the value. By using this variable instead of 
hard-coding a user's name, you can use a 
logon script to change the registry settings 
in many machines. 


2. Export the settings for the Shell Fold¬ 
ers and User Shell Folders keys to a .reg file. 
Delete all but the Favorites settings, so that 
the .reg file looks like that in Figure 1. 

3. Copy the .reg file to a shared folder 
on the DC, such as a folder created for 
scripts and their associated files. 

4. Create the following logon script to 
import the .reg file into the registry: 

net use X: "RegFilePath" 
reg.exe import X:\RegFile 
net use X: /d /y 

where X is the drive on which the .reg file is 
stored (e.g., Z), RegFilePath is the path to the 
.reg file (e.g., WDCIXScripts), and RegFile is 
the name of the .reg file (e.g., Favorites.reg). 
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Windows Registry Editor VErsion 5.00 
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■ READER TO READER 


This script uses the Net 
Use command to con¬ 
nect to the shared 
folder containing the 
.reg file. After the 
connection is made, 
the reg.exe import 
command copies that 
file's contents into the 
registry. Finally, the 
script uses the Net Use command to 
delete the connection that was temporarily 
created. 

Alternatively, you can use a logon script 
that contains only one line: 
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trator permissions, 
then deletes the 
key it just created. 

If the script is 
unsuccessful, 
it displays the 
message box that 
Figure 2 shows. 

You can down¬ 
load LocalAdmin- 
Test.vbs by going 
to www.windowsitpro 
.com, entering 100476 in the InstantDoc 
ID box, clicking Go, then clicking the 
Download the Code Here 
button. You don't have 
to make any modifica¬ 
tions to the script 
before running it. 

—Harry Verge, senior 
technology specialist, 

TELUS 

InstantDoc ID 100476 

Easily Add URLs to Internet 
Explorer 7.0's Favorites Tree 

I like the new features in Internet Explorer 
(IE) 7.0, especially the tabbed browsing. 
Flowever, I found the new Add to Favorites 
feature somewhat cumbersome. A problem 
arises when you have a large Favorites tree 
that has many folders with multiple levels 
of subfolders. When you click the Add to Fa¬ 
vorites icon (i.e., the green plus sign in front 
of a yellow star), select Add to Favorites, and 
click the Create in drop-down list, you're 
presented with an unwieldy fully expanded 
tree. To date, there isn't an option in IE 7.0 
to disable this automatic expansion. 

Flere's a simple procedure I devised to 
gain control of this situation: 

1. Go to the website of your choice. 

2. In IE's address bar, left-click the URL 
icon that's immediately to the left of the 
URL. With the left mouse button held down, 
drag the icon upward and off of the address 
bar field into the IE window's page header. 
Drag it just to the point where it turns into 

a shortcut icon (i.e., a white square box with 
an arrow in it). 

3. With the left mouse button still held 
down, press the left Alt key and just tap 
the C key (i.e., keep the Alt key depressed 
but don't keep the C key depressed). An 
unexpanded Favorites tree in which you 
can easily see your root-level folders will 
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Figure 2: Message noting that the current user isn't a local 
administrator 


pop up. If the Favorites tree doesn't pop 
up, try clicking somewhere on the web 
page to take the emphasis off of 
the address bar, then repeat steps 
2 and 3. Note that the Favorites 
tree might already be somewhat 
expanded if you recently manu¬ 
ally expanded folders in the tree. 

4. With your left mouse button 
still held down, release the Alt 
key and continue to drag the 
shortcut icon to the target folder. 

If you hover over a folder for 
about a second, the folder will automati¬ 
cally open. If you make a mistake and don't 
want to add the shortcut to the folder 
you're hovering over, press the Esc key 
before releasing the left mouse button to 
cancel the drag operation. This will prevent 
dropping the shortcut on some random 
folder. 

5. When you have the shortcut icon in 
the desired location, release the left mouse 
button. Note that if 
you inadvertently 
used the right 
mouse button 
in steps 2 
through 4, 
you'll need to 
select Create 
Shortcuts Flere to 
finish creating the 
shortcut. 

You can find a demonstration of this 
technique on the ITTV website at ittv 
.net/VideoPlayer/tabid/57/Videold/165/ 

Bret-Bennett-Demonstrates-IHow-To-Easily- 

Add-Urls-To-Favorite-Center-ln-IE7.aspx . I 
hope this procedure will bring joy back into 
growing your Favorites tree. ^ 

—Bret Bennett, president, BRET A. BENNETT 
InstantDoc ID100743 



reg.exe import RegFile 

In this case, RegFile needs to contain the 
full pathname to the .reg file (e.g., \\DC1\ 
ScriptsXFavorites.reg). 

5. To run this script, create or open 
an existing GPO, then navigate to User 
SettingsXWindows Settings\Scripts\Logon. 
Add the script to the Logon scripts dialog 
box. Close the GPO. 

Although there are other ways to make 
these registry changes (e.g., creating your 
own .adm files, using Windows Manage¬ 
ment Instrumentation's System Registry 
provider in a .vbs script), I prefer this method 
because of its simplicity. I successfully used it 
to redirect the Favorites, SendTo, and Recent 
folders from many Windows XP machines to 
a server. Before you deploy this solution, be 
sure to thoroughly test it. 

—Apostolos Fotakelis, systems administrator, 
Aristotle University of Thessaloniki, 
and freelance IT consultant 
InstantDoc ID 99798 


Quick Local Admin Test 

Need to determine whether the current user 
is a local administrator? Flere's a way you can 
quickly make this determination without 
having to check Domain Group member¬ 
ship. All you need to do is run a script named 
Local Ad minTest.vbs on the user's machine 
under that person's credentials. 

LocalAdminTest.vbs attempts to create 
a new registry key in a location (FIKEY_ 
CURRENT_USER\Software\Policies) that's 
normally forbidden to users unless they're 
local administrators. If the script success¬ 
fully creates that key, it displays a message 
box noting that the user has local adminis¬ 
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Deploying Office 2007 
and Managing VPNs with 
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I t's been a year since I last wrote about some of the most 
common Group Policy annoyances iVe come across. 
Since then, some things have changed while others have 
remained the same. What's changed is that Microsoft has 
released the new Group Policy Preferences feature, which 
adds a slew of new capabilities to Group Policy for Windows 
Server 2008, Windows Vista, Windows Server 2003, and Windows 
XP. What remains the same is that administrators continue to both 
criticize Group Policy's complexity as well as commend its power. 
Let's look at a couple of Group Policy pain points and how you can 
get around them. 

Deploying Office 2007 

When Microsoft released Office 2007, the company apparently 
ignored the thousands of IT administrators who use the Group 
Policy Software Installation (GPSl) feature to deploy Office to their 
desktops. At best. Group Policy has significantly fewer capabili¬ 
ties for deploying Office 2007 than it does for deploying Microsoft 
Office 2003. At worst, many shops will find GPSl unusable for 
deploying Office 2007. What went wrong, and how can you work 
around it? 

Microsoft completely changed the model for installing Office 
2007. While still providing the required Windows Installer (.msi) 
file for setting up Office, Microsoft removed support for the all- 
important transform files. In earlier versions of Office, administra¬ 
tors used transform files during GPSl installations to customize how 
their Office installations would be deployed. They could use the 
transform file to plug in product license codes, select which applica¬ 
tions to install, and even customize the configuration of applications 
within the Office suite. 

Office 2007, however, doesn't support transforms. Administrators 
can use Windows Installer patch file format (MSP) files to customize 
Office installations, but GPSl can't use MSP files. So Microsoft also 
provides a file called config.xml that you can use with GPSl to help 


Learn to work 
around some of 
Group Policy's 
tricky aspects 

by Darren 
Mar-Elia 


customize Office. (Config.xml is described in detail in the Microsoft 
article "Use Group Policy Software Installation to deploy the 2007 
Office system" at technet.microsoft.com/en-us/library/ccl79214 
.aspx .) The problem with config.xml is that all it lets you do is set 
which Office applications you want to install through GPSl. Any 
more customization requires you to create MSP files using Office's 
administrative tools. And, of course, you can't use those MSP files 
within GPSl. So what can you do, other than invest in a software 
distribution product or not deploy Office 2007? 

Your other option is to use Group Policy's startup scripts feature 
to deploy a customized script that uses both the Office setup and 
the MSP files. (A walk-through for this approach is provided in the 
Microsoft article "Use Group Policy to assign computer startup 
scripts for 2007 Office deployment" a t technet.microsoft.com/en-us/ 
library/ccl79134.aspx .) The downside to the startup-script method 
is that you don't get the advantages of life-cycle management that 
GPSl brings, such as the ability to patch, update, and remove appli¬ 
cations through Group Policy. But the startup script-based approach 
at least lets you deploy Office 2007 using Group Policy without hav¬ 
ing to resort to an expensive software distribution solution. 

Group Policy Over VPN 

1 get a lot of questions from folks trying to figure out how to make 
Group Policy work for their mobile users. Often, they want to be able 
to relax policy settings that are in place in their corporate environ¬ 
ment when users travel away from the office. Unfortunately, Group 
Policy isn't very mobile-friendly. 

The first thing to note is that Group Policy processing occurs only 
when a machine is in contact with a domain controller (DC) in the 
domain to which it belongs. So, if your mobile user is at home working 
on a corporate laptop that isn't connected to the corporate network via 
VPN, no Group Policy processing occurs on that machine. The settings 
the laptop got when it was last on the corporate network remain in 
effect. For example, if you force the user to go through a proxy when 
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■ GROUP POLICY 


on your corporate network, the user will still 
be forced to go through a proxy when off the 
network. 

When the user connects to the corpo¬ 
rate network over a VPN, the computer will 
process Group Policy as normal, albeit over 
a slower link. Remember that background 
processing happens every 90 minutes, plus 
a random offset of up to 30 minutes, on 
workstations and member servers. (Vista 
machines have the Network Location 
Awareness Refresh feature. If an offline Vista 
machine tries and fails to update Group 
Policy, the machine will refresh its policy 
almost immediately the next time a DC 
becomes available.) 

Keep in mind that unless the VPN con¬ 
nection is provided by an external device 
and not the workstation, a remote computer 
won't be able to process certain kinds of 
policies. For example, per-computer poli¬ 
cies that run only when a machine starts up, 
such as computer-based software deploy¬ 
ments or computer startup scripts, won't 
run unless a VPN connection to the DC is 
available during the machine's boot pro¬ 
cess. Also, user-based policies that require 
a logon (e.g., user-specific software deploy¬ 
ment or logon scripts) won't run unless the 
user logs on to Windows using the Logon 
using dial-up connection option on the 
logon screen. 

Finally, say you want to walk an offline 
user through overriding some corporate 
policy settings. You might logically think 
that having the user edit the local Group 
Policy Object (GPO) would temporarily 
undo any domain-based settings that have 
been applied. However, that isn't the case. 
For a domain-joined machine that isn't in 
contact with a DC, Windows will actually 
ignore anything you do to the local GPO 
because policy processing doesn't occur at 
all when a machine is offline. 


Your options for circumventing this 
annoyance are somewhat limited, but you 
can get creative. You can try using site-linked 
GPOs to apply alternative settings to a com¬ 
puter or user connecting to a DC from an IP 
subnet that's known to be unique to VPN cli¬ 
ents. The problem with this approach is that 
site-linked GPOs are lower in the processing 
hierarchy than domain and organizational 
unit-linked GPOs that the user is likely to 
be using. Even if site-linked GPOs that relax 
lockdowns are in effect, they will be overrid¬ 
den by other GPOs. 

You can get around the problem by 
setting the link on the site-linked GPO to 
Enforced. The Enforced flag causes Group 
Policy processing to say, 'T don't care what 
downstream GPOs might conflict with this 
site-linked GPO; I want the site-linked GPO 
settings to win." The downside to using 
Enforced is that site-linked GPOs can be dif¬ 
ficult to manage because sites span multiple 
domains. If managing site-linked GPOs isn't 
a problem for you, then an enforced site- 
linked GPO approach isn't bad. 

Another creative solution is to use the 
new Group Policy Preferences feature. 
Group Policy Preferences let you define 
GPO settings, then, in an approach called 
item-level targeting, use a variety of granular 
filters to apply setting to specific computers. 
One filter you can apply is IP address range, 
as Figure 1 shows. 

By filtering on the range of IP addresses 
assigned to VPN clients, you can apply regis¬ 
try policies within Group Policy Preferences 
that override settings you've specified in the 
Administrative Templates policy. Because 
the Group Policy Preferences registry exten¬ 
sion runs after the Administrative Templates 
extension, this approach overwrites Admin¬ 
istrative Template policy when a computer 
or user is on a VPN subnet. The downside 
is that you would want the Administrative 
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Figure 1:The IP address range filter 
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For more information about using Group Policy 
to manage systems and software, see these 
articles: 

"10 Ways to Manage Desktops with Group Policy," 
InstantDoc ID 45614 

"Group Policy Essentials no Sys Admin Can Live 
Without," InstantDoc ID 97780 

"Managing Microsoft Office 2007 with Group Policy," 
InstantDoc ID 97829 

"Using Group Policy to Implement Security Policies for 
Laptop Users,"InstantDoc ID 98253 


Template policy to be reapplied when the 
user is back on the corporate network, and 
that won't happen unless you force the 
Administrative Template policy to run dur¬ 
ing every Group Policy refresh cycle. 

The bottom line is that although there's 
no ultimate solution to managing mobile 
user lockdown, there are some creative 
things you can do to help make life easier 
for mobile users without removing their 
systems from your AD domain. 

Living with Group Policy 

Group Policy is a powerful tool for managing 
desktop configuration, but it can't help you 
in every scenario. And sometimes it can 
be downright frustrating to use, as these 
examples prove. The good news is that 
with the introduction of the Group Policy 
Preferences feature, you now have more 
features and more flexibility with which to 
accomplish your goals. The next time you're 
annoyed about something within Group 
Policy, take heart in knowing that with a 
script here or a Group Policy Preference 
there, you may be able to work around your 
problems and still leverage this powerful 
technology to get full control over your Win¬ 
dows desktops and servers. ^ 

InstantDoc ID 100667 
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Upgrade to VoIP with software that won't upend your PBX 


applications. A software-powered VoIP solution, based 
on Microsoft Office Communications Server 2007, 
helps you increase the productivity and flexibility of 
your workforce—especially your mobile users. Change 
the way you communicate without changing 


Now you can transition to VoIP with innovative 
software from Microsoft. Software that integrates with 
Windows Server® Active Directory® services, Microsoft® 
Office, Microsoft Exchange Server, and your PBX. Keep 
your PBX in place and still get new voice capabilities 
like drag-and-drop conferencing, anywhere access, 
and click-to-call functionality from familiar desktop 
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Introducing a major innovation in system performance 

New Diskeeper 2009 


Diskeeper 2009 has arrived. It’s the one investment that pays for itself many 
times over in restored system performance, extended hardware life and 
reduced user demands on IT staff. Now you can have better-than-new system 
performance across your network and it is invisible, hands free, and cost-effective. 

Diskeeper 2009 is the only defragmenter with InvisiTasking® technology- 
operating completely transparently across your network to eliminate file 
fragmentation. It is powerful enough to tame terabytes but precise enough to 
require only idle resources—eliminating the need to schedule defrag times. 


^ ^ Since implementing 
Diskeeper, complaints from 
users regarding delays in 
data retrieval have 
completely disappeared. ^ ^ 


Thousands of top IT professionals in major corporations around 
the world consider Diskeeper absolutely vital to their network 
performance. See for yourself. Install it now, because the chair 
under your doorknob won’t hold forever! 


SPECIAL LIMITED OFFER: 

Download a Free 45 day trial version now. 

Only available at this link; WWW.diskeeper.COm/win2009 

Volume licensing, government and educational discounts are available. 
Get a free analysis of your network and a no-obligation quote at: 

www.diskeeper.com/winquote or call us at 800-829-6468. Code 4173 


John S. Hansmann, MIS, 
Time Warner Cable Media Sales 



2009 


with InvisiTasking' 


Maximizing Performance 
and Reliability —Automatically 


© 2008 Diskeeper Corporation. All Rights Reserved. Diskeeper, Maximizing Performance and Reiiabiiity—Automatically, and InvisiTasking are either registered trademarks or trademarks owned by Diskeeper Corporation in the United 
States and/or other countries. Aii other trademarks and brand names are the property of their respective owners. Diskeeper Corporation • 7590 N. Glenoaks Bivd. Burbank, CA 91504 • 800-829-6468 • www.diskeeper.com 












IT ANNOYANCES 


Exchange 2007 
Shortcomings 


M icrosoft Exchange Server has gotten stronger in 
recent years, gaining both a solid reputation for 
stability and the lead in market share. With the 
release of Exchange 2007, Microsoft made mas¬ 
sive changes to the product, and frankly, many 
of them were excellent. However, a few changes 
weren't quite so good. In this article. I'll take a look at a few of the 
most common annoyances with Exchange 2007 and, where pos¬ 
sible, offer some solutions to the problems. 

GUI Limitations 

One of the key changes Microsoft made in Exchange 2007 was to 
build the entire product management toolset around Windows 
PowerShell. In itself, this is a good thing, but administrators used to 
using a GUI for some tasks can no longer do so. Examples of prob¬ 
lem areas include setting public folder permissions, manipulating 
diagnostic logging levels, getting mailbox statistics, and exporting 
mailboxes. Here are suggestions to help you around a couple of 
these problems. 

Getting mailbox statistics. In Exchange 2003, it's easy to see the 
size and number of items in mailboxes, and even sort the view. In 
Exchange 2007, you must use the Get-MailboxStatistics command 
through Exchange Management Shell (EMS), as shown here: 

Cet-MailboxStatisties | where 

{($_.objectclass -eq “mailbox”)} | 
sort-object TotalItemSize | 
format-table DisplayName, 

©{express!on= {$_.TotalItemSize.Value.ToMBO}; 
label=”MBSize(MB)”}, 

LastLogonTime, DatabaseName, 

ItemCount 

This command gets mailbox statistics for all mailboxes (not includ¬ 
ing system mailboxes and other special mailboxes) and outputs the 
results in a table. Eigure 1 shows the output, and you can see that 
I've labeled the TotalltemSize column as MBSize(MB) and that its 
values are in megabytes. The output is sorted by the TotalltemSize 
column. 

Eor help with using Power- 
Shell to manage Exchange, or for 
general information about Pow¬ 
erShell, see the learning path for 
this article online (www.windowsit 
pro.com , InstantDoc ID 1QQ62Q) . 

Eor more information about the 
Get-MailboxStatistics command. 


see the Microsoft article "Get- 
MailboxStatistics," at technet 
.microsoft.com/en-us/librarv/ 

bbl24612(EXCHG.8Q).aspx. 

Exporting a mailbox to a 
PST. In Exchange 2003, we have 
the ExMerge utility, a GUI tool, 
to export part or all of a mailbox 
to a PST. However, ExMerge 
isn't included with Exchange 
2003; you have to download and 
install it separately. In Exchange 
2007, the process for export¬ 
ing to .pst files has improved 
because the ability is built into 
the product. However, it would 
be nice if you could simply right-click a mailbox in the Exchange 
Management Console to export it. Instead, you must use EMS. 

Eirst, ensure your account (in my example. Admin) is a Micro¬ 
soft Exchange administrator and local administrator on the source 
server. Your account must also have full access rights for the mail¬ 
box from which you will export (in this case, Nathan). You can grant 
these rights with the following command: 

Add-MailboxPermission -Identity Nathan 
-User Admin -AccessRights FullAccess 

To perform the export, you must be on a computer running the 
32-bit administrative tools and with Microsoft Office Outlook 2003 
SP2 or Outlook 2007 installed. 1 usually use a Windows XP worksta¬ 
tion. As long as you meet the above prerequisites, you can run the 
export using the following command: 

Export-Mailbox 

-Identity nathan@gaots.co.uk 
-PSTFolderPath C:\PSTFi1es\nathan.pst 

(Eor detailed directions for exporting mailboxes, see the Micro¬ 
soft article "How to Export Mailbox Data," at technet.microsoft 
.com/en-us/librarv/bb266964.aspx .) 
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49 


Figure 1 :The output of the Get-MailboxStatistics command 
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■ EXCHANGE 2007 SHORTCOMINGS 


Certificates and Web Access 

Certificates are one of the most common 
areas where people have problems in 
Exchange 2007. By default, Exchange 2007 
is secured with a self-signed certificate. 
Although this method is secure, it often 
leads to users being prompted that the cer¬ 
tificate isn't trusted. Administrators usually 
prefer to access webmail through something 
such as owa.example.com. Therefore, it's 
essential to request, create, and assign a new 
certificate. This certificate needs to secure 
access to Exchange when Exchange is refer¬ 
enced by a variety of names. You create such 
access by adding Subject Alternative Names 
(SANs) to the certificate. The SANs need to 
cover all names used to access Exchange, 
including the host name, the internal Eully 
Qualified Domain Name (EQDN), the exter¬ 
nal EQDN for Microsoft Outlook Web Access 
(OWA) and Outlook Anywhere, and the 
external Autodiscover EQDN. 

So, what do you need to do? Assume 
you have a single Exchange 2007 server 
called exchserverl running the Mailbox, 
Hub Transport, and Client Access roles and 
you want to access the server using OWA 
internally via the URL https://owa.example 
.local and externally via the URL https:// 
owa. example, com. 

Eirst, you need the relevant DNS A records 
in your internal and external DNS zones so 
that the URLs resolve to the IP address of 
the server. Eor external access, make sure 
incoming traffic traverses any firewalls over 
port 443. When DNS resolution is working, 
you create a certificate request by running the 
following PowerShell command in EMS: 

New-ExchangeCertificate 
-GenerateRequest:$T rue 
-SubjectName “c=US, o=company, 
cn=owa.example.com” 

-DomainName owa.example.com, 
autodiscover.example.com, 
exchserverl, example.1ocal, 
example.com, 

exchse rve rl.example.1ocal 
-FriendlyName ExchOWACert 
-PrivateKeyExportable:$T rue 
-Path C:\ExchOWACert.req 

This command creates a request file, which 
you then send to your certificate authority 
(CA), be it an internal or public one. It's 
important that the SubjectName parameter 
is correct and represents your company. 
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Otherwise, it's unlikely a public CA such 
as VeriSign will be able to authorize your 
request. 

After your CA authorizes your server, it 
sends you a .cer file. You must import that 
file to the server using the command 

Import-ExchangeCertificate 
-Path C:\ExchOWACert.cer 

The output of this command shows that the 
certificate has been imported and lists the 
certificate's thumbprint. Copy the thumb¬ 
print to the clipboard; you'll need it to 
enable the certificate. To enable the cer¬ 
tificate, use the following command, where 
thumb is the copied thumbprint: 

Enable-ExchangeCertificate 
-Thumbprint thumb 
-Services “IIS,POP,IMAP,SMTP” 

You're almost done. All that remains is to 
set the URLs required to access Exchange. 
But first, 1 should introduce a couple of 
parameters. The IntemalURL and Extemal- 
URL parameters can be specified on 
web-accessible virtual directories such as 
OWA, Offline Address Book, Autodiscover, 
Exchange ActiveSync, Unified Messaging, 
and Exchange Web Services. Each of these 
virtual directories has a URLs property 
page that lets you configure its internal 
and external URLs. The IntemalURL and 
ExtemalURL parameters let you specify dif¬ 
ferent URLs for access to the Client Access 
server. The IntemalURL parameter is set 
by default on installation and is what the 
default self-signed certificate uses for its 
principal name. When a Client Access server 
is externally accessible, the ExtemalURL 
parameter should be configured with the 
URL used to access the service, such as owa 
.example.com/owa. 

Setting these parameters in larger 
Exchange deployments can be complex, but 
in this scenario, things are fairly simple. Use 
this command to set up the virtual directory 
for OWA: 

Set-OWAVirtualDirectory 

-Identity “OWA (Default Web Site)” 
-IntemalURL https://owa.example 
.1ocal/owa 

-ExternalUrl https://owa 
.example.com/owa 

The command is the same for other virtual 
directories, but substitute the corresponding 


EMS cmdlet (i.e., Set-OABVirtualDirectory, 
Set-UMVirtualDirectory, Set-WebServices- 
VirtualDirectory) and identity parameter. 

Having completed these steps, you 
should now have secure access to OWA 
both internally and externally from the URLs 
specified. You should also have a solid base 
to begin the process of enabling Outlook 
Anywhere with Autodiscover because the 
certificate and InternalURL/ExternalURL 
configurations are already in place. 

Lack of Native Backup in 
Server 2008 

My final annoyance is the lack of a built-in 
backup utility for Exchange 2007 running 
on Windows Server 2008. Exchange needs 
an Exchange-aware backup program. Ever 
since the first version of Exchange (4.0) 
shipped, the Exchange installation has 
modified NTBackup to provide just such a 
program. However, with the move to Volume 
Shadow Copy Service (VSS)-based backups 
on Server 2008—and consequently, the 
removal of NTBackup—Exchange no longer 
has a usable backup utility. The only options 
left are to purchase Microsoft System Center 
Data Protection Manager or third-party 
backup software. Unfortunately, right now 
there's nothing else that can be done, but in 
June 2008 a member of the Exchange Server 
product team announced that Microsoft 
plans to release a VSS-based plug-in for 
Windows Server Backup. The plug-in will let 
customers take Exchange-aware VSS back¬ 
ups on Server 2008. At press time, however, 
no updates have been released about the 
plug-in. 

As someone who has worked with 
Exchange 2007 for a while now, 1 often have 
clients moan to me about the bits they don't 
like. 1 hope this article gives you ideas about 
how to work around some of the challenging 
areas of Exchange—and 1 hope Microsoft will 
improve some of these problem areas in the 
next version of Exchange. ^ 
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Ease Security 

Headaches 



M any users, and even some IT administrators, 
would rather not have to deal with security. But 
like it or not, security is becoming more impor¬ 
tant than ever in today's compliance-focused 
companies. Let's review some common security 
aggravations and learn how to handle them. 

Ad Hoc Wireless Networks 

By default, Windows Vista and Windows XP can connect to different 
types of wireless networks. Infrastructure networks are networks 
in which computers are connected to a wireless router; this is the 
most common type of network. Ad hoc networks, which are set up 
to provide a quick and temporary wireless network for collaboration 
purposes, have computers directly connected to one another rather 
than via a router. 

Because no special hardware is necessary to set up an ad hoc 
network, a hacker with only a laptop and a wireless network card 
can easily create an ad hoc network in a public place (e.g., a coffee 
shop) and give the network a name that's similar to an official infra¬ 
structure wireless network, thus luring users into connecting to the 
ad hoc network. This type of social engineering is effective because 
despite Vista's shield logo that alerts users to ad hoc networks, many 
users will still take advantage of a free Wi-Fi connection. 

You can use Group Policy to remove the ability to connect to ad 
hoc networks. If you don't have an Active Directory (AD) domain, 
you can use Netsh from the command line as follows: 

1. Log on to Vista. 

2. From the Start menu, enter cmd in the Start Search box and 
press Ctrl+Shift+Enter. Enter your administrator credentials to start 
the command-line session. 

3. Run the following command: netsh wlan add filter 
permission=denyall networktype=adhoc 

4. To check whether the filter was added successfully, run the 
following command: netsh wlan show filters 

5. Under Block list on the system (user), the text SSID: '7 Type: 
AdhocMsiiW display. 

Windows Server 2008 and Vista Group Policy added support 
for controlling connection to ad hoc networks. You can back-port 
this functionality to Windows Server 2003 and Windows XP SP3 
by updating the AD schema. Eor information about applying this 
update, go to TechNet's "Active Directory Schema Extensions for 
Windows Vista Wireless and Wired Group Policy Enhancements" 
website (technet.microsoft.com/en-gb/library/bb727029.aspx) . To 
use Group Policy to restrict ad hoc networks in Server 2008, follow 
these steps: 


1. Log on to a Server 2008 
DC as domain administrator. 

2. Open Group Policy 
Management Console (GPMC) 
from the Administrative Tools 
menu. 

3. Expand the forest. 

Domains folder, and domain. 

4. Right-click Group Policy 
Objects and select New from 
the menu to create a new 
Group Policy Object (GPO). Name it "Wireless" and click OK. 

5. Make sure that the Group Policy Objects container is 
selected in the left-hand pane, then right-click the "Wireless" GPO 
on the Contents tab and select Edit from the menu. 

6. In Group Policy Management Editor, select Policies, Win¬ 
dows Settings, Security Settings under Computer Configuration. 

7. Right-click Wireless Network (IEEE 802.11) Policies and 
select Create A New Windows Vista Policy from the menu. 

8. In the Properties dialog box for the new policy, select the 
General tab and give the policy a name and description. 

9. Select the Network Permissions tab, then select the Prevent 
connections to ad hoc networks check box. Click OK. 

10. Close the Group Policy Management Editor window. In 
GPMC, link the "Wireless" GPO to the desired domain, site, or 
organizational unit (OU). 

Password AutoComplete 

Internet Explorer's (IE's) AutoComplete feature, which can "remem¬ 
ber" usernames and passwords, seems attractive. However, IE's 
AutoComplete or "remember me" functionality, which is often built 
in to web applications, has two major caveats. Eirst, web browsers 
are notoriously insecure and are common targets for data and ID 
theft. Allowing IE (or any browser) to store your passwords increases 
the risk that your electronic ID(s) could be compromised. Second, 
users who rely on IE's AutoComplete feature will run into problems 
if they move from one machine to another but can't recall the mul¬ 
tiple passwords that IE stored for them. This problem might not 
affect you if your organization uses roaming profiles. But for small 
shops, AutoComplete is not only a potential security risk but also 
a major annoyance, often resulting in time-consuming calls to the 
Help desk for logon assistance. 

Fortunately a simple solution exists for IE's AutoComplete "fea¬ 
ture." You can configure Group Policy to prevent IE from prompting 
for AutoComplete of forms and from storing passwords. Under 
User Configuration, Administrative Templates, Internet Explorer, 
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set the Do not allow AutoComplete to save 
passwords option to Enabled. 

For websites with built-in "remember 
me" features, you must disable the ability 
to store cookies. You can edit Group Policy 
to configure IE's privacy settings to block all 
first- and third-party cookies, permitting only 
session cookies. Under User Configuration, 
AAfindows Settings, Internet Explorer Mainte¬ 
nance, Security, set cookie handling as part of 
the Security Zone and Content Ratings config¬ 
uration. Importing the security zone settings 
of the machine in use as a baseline configura¬ 
tion will include any cookie-handling con¬ 
figuration that was set on the Internet Options 
Control Panel applet's Privacy tab. 

Restricting all first-party cookies might 
limit some web applications' functional¬ 
ity. To work around this problem, you can 
click the Sites button on the Privacy tab and 
enable the Per Site Privacy Actions option. 

UAC Improvements 

Because Vista's User Account Control (UAC) 
implementation has caused such frustra¬ 
tion, many IT administrators have disabled 
it. However, certain features such as file and 
registry virtualization and IE's Protected 
Mode depend on UAC being enabled. Vista 
SPl's UAC has some key improvements to 
let both home and enterprise users take 
advantage of its benefits. 

First, the number of UAC prompts for cre¬ 
ating or renaming files is reduced fi-om four 
in Vista to one in Vista SPl. Another problem 
is that when you use Remote Assistance in 
Vista, if the person providing help needs to 
enter credentials on a UAC prompt. Secure 
Desktop doesn't display in the Remote Assis¬ 
tance window. A new Group Policy setting 
in Vista SPl lets User Interface Access (UIA) 
applications running fi-om secure locations 
bypass Secure Desktop, essentially allow¬ 
ing remote administrators to enter elevated 
credentials on the user's behalf. To access 
this setting, select Computer Configuration, 
Policies, Windows Settings, Security Settings, 
Local Policies, Security Options fi-om Vista 
SPl's Group Policy. The setting is called User 
Account Control: Allow UIAccess applications 
to prompt for elevation without using the 
secure desktop. Despite introducing a secu¬ 
rity risk, allowing UIA applications to bypass 
Secure Desktop is preferable to disabling 
Secure Desktop completely for the sake of 
one application. 
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Vista SPl's UAC improvements might 
seem minor. However, the additional Group 
Policy settings let you configure UAC to 
behave in a manner that's suitable for users' 
needs without completely disabling this 
valuable feature. 

Updating Third-Party Applications 

Windows has great built-in patch manage¬ 
ment in the form of Microsoft Update and 
Windows Server Update Services (WSUS). 
However, third-party client applications 
(e.g., Adobe Flash Player, RealNetworks 
RealPlayer) can introduce significant secu¬ 
rity risks if they aren't kept up-to-date. Some 
programs have auto-update capabilities, but 
many don't. Therefore, keeping such pro¬ 
grams patched across a network is difficult 
without using a third-party tool. 

You can use Group Policy software dis¬ 
tribution to install patches and updates, but 
this solution isn't ideal because it has almost 
no reporting facilities. In addition, you must 
distribute everything as a Windows Installer 
package (i.e., .msifile). Repackaging installer 
routines is time consuming if an .msi file 
isn't supplied by the vendor. 

For midsized and large organizations. 
System Center Essentials (SCE) and Micro¬ 
soft System Center Configuration Manager 
(SCCM) hook into Windows Update and let 
you distribute software and patches without 
having to repackage into MSI format. Small 
organizations have more limited third-party 
options. 

Application Virtualization 

The more you secure a system, the less flex¬ 
ible it becomes. Security inevitably means 
a trade-off in usability for end users, as well 
as convenience for systems administrators. 
New application virtualization technologies 
can help secure host OSs by letting you run 
applications on demand without adversely 
affecting the host system's security and 
configuration. 

Developers and administrators have been 
using virtual machines (VMs) for a long time 
to test software. The use of desktop VMs, how¬ 
ever, has been hindered by the need to license 
a second copy of an OS, as well as the lack of 
integration with the host environment. 

Vista Enterprise was the first Microsoft 
OS release that includes a license to run as 
many as four additional copies of the OS in 
a VM. Further blurring the division between 


VM and desktop, the latest incarnations of 
VMware Workstation and VMware Player 
include the Unity view, which lets an appli¬ 
cation running inside a VM appear in a 
window as if it's running on the host system. 
Although this solution doesn't provide a 
fully seamless experience, you can configure 
applications to access the host's drives so 
that you can work with the application as if 
it's running locally. 

Microsoft's Application Virtualization 
(App-V) technology goes a step further and 
provides a completely seamless experience 
to the end user, with the ability to stream 
applications from an App-V server to users 
on demand and deploy those applications 
without any special privileges. App-V's Sys- 
temCuard technology sandboxes changes 
made to the registry, file system, and other 
resources and captures requests between 
the application and the virtualized compo¬ 
nents. SystemCuard isolates applications 
from one another, and no system-level 
changes are made to the host system. 

App-V opens up the possibility of install¬ 
ing many applications side-by-side without 
having to worry about potential conflicts. In 
addition, App-V reduces the severity of any 
security flaws introduced to the host system. 
Application virtualization will be increas¬ 
ingly important; ideally, a future version of 
Windows will include App-V technology to 
provide an integrated application virtualiza¬ 
tion layer. 

Plan for Security 

You need to include security as part of 
your system or application design from 
the beginning. Too often, security is simply 
an afterthought that becomes difficult to 
implement once a system is in place. Deploy 
single sign-on (SSO) technologies wherever 
possible so that users can use one set of 
credentials to access corporate systems. You 
should balance the need for security against 
usability and flexibility, because if security 
becomes too complicated users will find 
ways to circumvent it. ^ 
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4 easy fixes that 
restore network 
connectivity 


T he network is down!" At some point in your IT 
career, you'll hear this phrase above the din 
of the office photocopiers. Rarely, if ever, does 
the actual physical network go down. How¬ 
ever, some problems can make it appear to 
your users that the network is in fact down. 
The following four network annoyances typically will make your 
users shout the above phrase and leave you scratching your head. 
As you'll see, when it comes to networking, not everything is as it 
appears. Two of these situations give the illusion of a problem with 
the network, although the problem actually lies elsewhere. Let's look 
at these network annoyances and how to deal with them. 

Mysterious Disconnections 

You're summoned to the cubicle of a user who lost network con¬ 
nectivity. Windows shows the connection enabled but the cable 
unplugged. With a sigh, you check the user's Ethernet cable. It's 
connected. You swap it for a different cable, but it still doesn't work. 
In a fit of fiaistration, you move the cable in the wiring closet between 
the patch panel and the Ethernet switch to a different switch port. 
The connection is restored. What's going on? 



by Michael 
Dragone 


this problem. I use examples 
based on Cisco CatOS, though 

similar functionality exists for - 

Cisco lOS. (To learn more about 

enabling Cisco routers, see "9 Steps to Setting up a Cisco Router," 
InstantDoc ID 98740 .) 

1. Physically identify the switch port that you believe to be 
error-disabled. 

2. Erom enable mode, execute the command 


show port <port nuniber> 

3. If the port is in fact error-disabled, the status will be listed as 
errdisable. 

4. Eix the problem that caused the port to become disabled. 
(Make sure to check your duplex configuration and cabling). 

5. To re-enable the port, from enable mode execute the com¬ 
mand 


set port enable <port number> 

Functionality also exists so that you can set an error-disabled switch 
port to automatically re-enable after a specified period of time. You 


A former colleague of mine contacted me in a panic: His 

network was going down around him. The symptoms he described included 
a user unable to access Exchange Server through Microsoft Office Outlook. 
Strangely though, the Internet was accessible. 


Many enterprise switches have built-in functionality that auto¬ 
matically disables a port that appears to be behaving improperly. A 
typical cause is a duplex mismatch. The reasoning behind the func¬ 
tionality is that a disabled port is likely to be noticed immediately, 
letting the administrator correct the problem that caused the port to 
be automatically disabled in the first place. 

In Cisco parlance, this functionality is known as error-disable or 
errdisable. Other vendors might use different terminology. 

The following five steps show how you can identify and fix 


can also enforce all causes of error-disabling or enforce particular 
causes (such as automatically re-enabling for all reasons except 
for a duplex mismatch). To set a switch port to be automatically 
re-enabled, investigate the documentation for the set errdisable- 
timeout command. 

Routing Between VLANs 

Many IT pros use VoIP or have it noted on their ever-growing to-do 
list to set up. VoIP vendors typically recommend that a separate 
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VLAN be created explicitly to separate data 
traffic from voice traffic. This separation 
primarily reduces the amount of broadcast 
traffic that must be received by VoIP phones. 
It also eases the enforcement of more strin¬ 
gent Quality of Service (QoS) parameters in 
an effort to make voice quality as good as 
or better than that of a standard non-VoIP 
telephone. 

1 often hear from folks who are in the 
midst of setting up this separate VLAN or 
who have just recently configured it. For 
some, it's the first VLAN they've ever con¬ 
figured. 

They try to ping a device with an IP 
address resident in the data VLAN, because 
inter-VLAN connectivity is necessary in 
most cases for Internet access and manage¬ 
ment of the VoIP infrastructure from the 
data VLAN. This ping fails. In fact, all com¬ 
munication fails. The VLAN must not be set 
up correctly, right? 

No. The problem here is simple forget¬ 
fulness of Networking 101 skills. Switching 
occurs at Layer 2 of the OSl model, but IP is 
at Layer 3—you can't route IP packets with¬ 
out a device that can perform this routing 
function. 

The first reaction 1 hear is "Oh no; now 1 
need to buy a router. 1 didn't budget for that 
in my VoIP plan." Not to worry, a router isn't 
always necessary. Here are some alterna¬ 
tives. 

Upgrade. You might have one or more 
switches that can provide Layer-3 IP rout¬ 
ing or that can be upgraded to support it. 
The higher you go on the switch vendor's 
food chain, the more likely this is the case. 
If you're investing in new switches that pro¬ 
vide Power over Ethernet (PoE) for a VoIP 
deployment, it might be wise to spend the 
extra money up front to ensure you have a 
switch with Layer-3 functionality. 

Use a small office/home office router. 
Using a SOHO router might not be the 
best idea from a scalability and support 
standpoint, but at least it gets you up and 
running. 

Use a firewall. Either a hardware or soft¬ 
ware firewall works, as long as it has an 
unused Ethernet interface thatyou can utilize. 
Mark the interface as a connection to an addi¬ 
tional internal or trusted network and set the 
appropriate routing and security policies. 

Use RRAS. You can use ERAS, available 
in Windows Server, as long as the machine 
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you set it up on has two Ethernet interfaces. 
This is an attractive option if you also need 
to provide infrastructure services such as 
DHCP and DNS to your voice VLAN. 

Operation Aborted 

How many times have you experienced 
this behavior: You type a URL into Internet 
Explorer's (IE's) address bar and press Enter. 
The site begins to load, but then you receive 
a dialog box with the message "Internet 
Explorer cannot open the Internet site < Web 
address>. Operation aborted." When you 
try to load the page again, however, you 
succeed. I've encountered this behavior on 
Microsoft's TechNet site many times but 
never thought much about it. When people 
in my office started reporting it happening 
on other sites, including Google's home 
page, 1 decided to investigate. 

Initially 1 thought it was a problem with 
the web proxy functionality of our ISA Server 
firewall. However, even after temporarily 
bypassing the firewall, 1 was still able to 
reproduce the problem. Then 1 thought that 
my TCP session was being reset at some 
point before the page finished loading. A 
network trace proved this wasn't the cause. 

Einally, 1 started to think that the prob¬ 
lem might be with IE itself, so 1 dug around 
on the Internet and found this Microsoft 
article "BUG: Error message when you visit a 
Web page or interact with a Web application 
in Internet Explorer: 'Operation aborted'" at 
support.microsoft.com/kb/927917 . 

This was my exact problem, but the 
cause—script code trying to modify particu¬ 
lar container elements—didn't explain why 
the problem wasn't occurring continuously. 
After all, it's unlikely that the TechNet site 
was modified within the two seconds that it 
takes to press E5. However, further examina¬ 
tion indicated that the problem lies with IE's 
parser: The exact order in which the page is 
loaded and parsed changes ever so slightly 
from refresh to refresh. This would explain 
how 1 could refresh a problem page 10 times 
but the problem would occur twice. 

1 never found a workaround. The article 
states that the fix lies with the site author, 
who has to modify the code. Let's hope 
Microsoft will fix this problem in IE 8.0. 

Passwords Expired 

A former colleague of mine contacted me 
in a panic: His network was going down 


around him. The symptoms he described 
included a user unable to access Exchange 
Server through Microsoft Office Outlook. 
Some mapped drives were also inacces¬ 
sible. Strangely though, the Internet was 
accessible. 

While he was troubleshooting the prob¬ 
lem with the user, a user in the next cubicle 
experienced the same symptoms. Eive min¬ 
utes later, someone else across the office 
yelled, "1 have the same problem!" 

1 asked my colleague whether he had 
checked the obvious: Were those serv¬ 
ers actually experiencing a problem? No. 
Were there any recent software, hard¬ 
ware, or configuration changes? No. Was 
basic networking connectivity present and 
functioning? Yes. 

After thinking for a few moments, 1 
asked if he had checked the user accounts 
in Active Directory (AD) to see if the users 
having problems had somehow all locked 
themselves out at the same time. He had 
checked this, and they weren't locked out. 
Einally, in a Eureka! moment, 1 asked him 
to check whether the users had recently 
received a prompt notifying them that their 
password would expire soon and asking 
whether they would like to change it. 

He reported back that they had all been 
seeing the prompt for "a few days" and that 
today it said there was one day left. No one 
likes changing their password, so they had 
been clicking No for days. Today was no 
different. However, "one day" in this sense 
doesn't mean "24 hours from now"; it really 
means "sometime in the next 24 hours." My 
colleague directed the users to log off and 
log back on. Sure enough, all were forced 
to change their passwords and experienced 
no problems afterwards. Because these 
people arrive each day at approximately 
the same time, the validity period of their 
passwords was almost identical. We both 
now tell users that "one day" really means 
"today." ^ 
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Should You Use 

Windows 

Server 

Backup? 

W eVe often been reminded by Microsoft that 
NTBackup—included with Windows NT 
4.0, Windows 2000, and Windows Server 
2003—wasn't intended as a full-featured, 
enterprise-level backup solution. Neverthe¬ 
less, many of us would use it that way in a 
pinch. Since Windows Server 2008's release, however, we can't 
get away with using Windows' new built-in backup tool for large- 
scale, enterprise backups as easily we could with NTBackup. That's 
because Windows Server Backup, the Server 2008 replacement for 
NTBackup, functions much differently from NTBackup. I'll take you 
through some of the annoying differences between NTBackup and 
Windows Server Backup, tell you how you can sometimes work 
around those annoyances, and explain why you might need to con¬ 
sider a more fully featured backup solution. 




IT ANNOYANCES 


Learn to work 
with the 
limitations of 
NTBackup's 
replacement in 
Server 2008 

tigating a server problem more 

of a challenge. I've found that by Orin Thomas 

companies—especially small 
businesses—often don't con¬ 
sider backups until problems occur. 

The only way to avoid the problem of getting caught without 
Server 2008's backup software installed is to install the Windows 
Server Backup and wbadmin.exe features when you deploy Server 
2008. Unfortunately, you're still likely to get called to look at servers 
that have never been backed up and probably don't have Windows 
Server Backup installed. It's a pity there's no warning on Server 2008 
that asks you to regularly back up the server in the same way that it 
nags you about configuring automatic updates. With such a warn¬ 
ing, only the most recalcitrant administrators would fail to ensure 
that their data was safely backed up. 


Annoyance #1 

Windows Server Backup Isn't Installed By Default 

Unlike NTBackup, which was installed by default on Windows 
2003 and Windows 2000, Windows Server Backup isn't installed by 
default on Server 2008. To use Windows Server Backup, you need to 
use the Add Features wizard, which lets you install Windows Server 
Backup, and the wbadmin.exe command-line utility, which you use 
to back up Server Core computers. 

The lack of default backup software can 
be very annoying in certain circumstances. 

Say you've been called in to look at a server 
that's behaving erratically, only to find that 
it has never been backed up and that you 
can't install any new software. I like to 
back up a server before I do more invasive 
mucking about, and not having backup 
software installed by default can make inves- 


Annoyance #2 

No Tape Drive Support 

One of the most surprising facts about Windows Server Backup is 
that it doesn't support tape drives. You didn't misread that: Win¬ 
dows Server Backup and the wbadmin.exe command-line utility 
can't be used to write backups to tape. There's at least one perfectly 
good reason why that's the case: Tape drives are going the way of the 
floppy disk. Not only can today's hard drives store insane amounts 


One of the most surprising facts 
about Windows Server Backup is 
that it doesn't support tape drives 
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of data, they're also significantly faster than 
tapes during the backup and restoration 
process. However, most IT shops have an 
existing backup tape infrastructure, and 
good tape drives never came cheap. Going 


to Server 2008 might mean that expensive 
tape drive starts collecting dust. 

If you're migrating from a previous 
version of Windows to Server 2008, you 
might have to decide to ditch the legacy 
hardware and purchase some removable 


hard drives or perhaps go with another 
vendor's backup solution. You'll also need 
to devise a plan for recovering data stored 
on tapes once you fully migrate to Server 
2008. Although Windows Server Backup 


doesn't let you import backups made with 
NTBackup, and you can't use NTBackup to 
restore backups made with Windows Server 
Backup, Microsoft provides a restore-only 
version of NTBackup at go.microsoft.com/ 
fwlink/?Linkld=82917. This version of 


NTBackup can read from tape drives, but 
can't write to them. You can extract your 
existing backup data from the tapes, but 
you won't be able to use the tapes anymore 
after that. To use the Server 2008 restore- 
only version of NTBackup with a tape drive, 
you need the correct Server 2008 driver for 
that tape drive. Because Windows Server 
Backup doesn't support tape drives, some 
tape drive manufacturers are reluctant to 
support Server 2008. 

Annoyance #3 

A Dedicated Disk Is Required for 
Scheduled Backups 

Windows Server Backup requires a dedi¬ 
cated disk (not just a partition) to store 
scheduled backups. When you run your 
first backup to the new disk, the disk is 
repartitioned and formatted. You won't be 
able to use it for anything other than stor¬ 
ing backup data, and you can't view it in 
Windows Explorer. You can have Windows 
Server Backup write data to an internal hard 
drive or to a USB 2.0 or IEEE 1394 compat¬ 
ible disk. Microsoft recommends that your 
disk be roughly two and a half times larger 
than the amount of data you'd write in a full 
backup, and the smallest amount you can 
back up is an entire volume. The default 
Windows Server Backup settings involve a 
full backup followed by incremental back¬ 
ups. Windows Server Backup manages data 
so that the oldest backup is automatically 
removed when the disk begins to run out of 
space. The idea behind this approach is that 
you can set up and schedule your backup, 
then forget about it until it's time to perform 
a restore. 

This method is pretty good for a hare- 
bones backup solution, but if you're used 
to the configurability of NTBackup, it can 
be a bit annoying. You can perform a one- 
off backup to a network location or optical 
media, but you can't schedule backups to 
these locations. Clever administrators might 
write a script called by a scheduled task that 
uses wbadmin.exe to write a backup, but 
you won't be informed if the target location 
has enough space for the backup to finish 
successfully. Going outside the parameters 
of what you can accomplish with scheduled 
backups is one of those "you can do it, but 


Get Full Access That Fits 
Your Schedule 

with the WmdowsITPro 

JMToTWf^nrnv i 

(•him o /-s LrLH::i:> 


For only $5.95 per month, your Windows IT Pro Monthly Pass includes: 


Anytime access to the solutions in over 10,000 Windows IT Pro 
online articles 

P> Updates and news alerts on the latest industry developments 
Membership to the world's largest independent IT community 
P> Fast answers from gurus and your peers through interactive 
blogs and forums 

P> PLUS the latest digital issue of Windows IT Pro magazine! 

Sign up today to start getting the answers you 
need when you need them. 

www.wmdowsitpro.coin/qo/MonthlyPass 


If you're migrating from a previous 
version of Windows to Server 2008, 
you might have to decide to ditch the 
legacy hardware and purchase some 
removable hard drives. 


ows IT Pro 


26 JANUARY 2009 Wind 


We're in IT with You 


www.windowsitpro.com 



















Download a tool that will 
benefit any IT Manager 


Manager 

Gain a complete insight into the health and status 
of your systems and network with ELM Enterprise 
Manager. This powerful centralized system monitoring 
and event log solution will save your department time, 
support your team’s proactive management objectives 
and give you a clear picture of the health and status of 
your IT environment. Before your 30-day trial is over 
you’ll wonder how you ever got along without it. 

www.tntsoftware.com/ian09 


TNT 


Software 


SoUmarePursutsi^ 


Reliable Data Management 

Acyi/fcaCran, Syndirmiia'don, & MigraSaa 


MigratePro 


Windows File Server 
Migratim, Consolidation. & 
Share Protection 


File Replication & Synchronization 

for PC's S Servers 

Micmsofi 


ieBfn H/Iofe S Download free Trials 

SoRwareParsttits 

B0O-367-48Z3 


Reasons t 
Windov/s 



^ise with the 
J^Metwork 


Windows IT Pro is the leading independent voice in Windows IT, 
reaching 2.5 million engaged users each month. 

68% of readers spend an hour or more reading each issue. 

49% of Windows IT Pro subscribers visit windowsitpro.com on a monthly basis. 

On average, each issue of Windows IT Pro is passed along to one other colleague. 

94% of our readers are involved with purchasing, with 74% specifying or 
recommending brands and suppliers. 

Readex Reader Survey, September 2007 


WindowsITPro 

. * . 619-442-4064 

WWW. Wl n d O WS ltprO.com Birdie.ghiglione@penton.com 


www.windowsitpro.com 


We're in IT with You 


Windows IT Pro 


JANUARY 2009 27 



















■SHOULD YOU USE WINDOWS SERVER BACKUP? 


backups is one of those "you can do it, but 
you probably shouldn't make a habit of 
it" things that systems administrators are 
always being warned about. 

Requiring a dedicated disk also makes 
the practice of rotating backups to offsite 
locations more challenging. Many organi¬ 
zations take one set of backups offsite each 
week, enabling data recovery in the event 
that the building bums to the ground, is 
flooded, or is hit by a meteor. Windows 
Server Backup works on the philosophy that 
the backup volume is tethered to the server 
and will probably not be rotated offsite. If 
disaster recovery is a concern, you need to 
look at a more full-featured solution. 


Annoyance #4 

The Volume Is the Minimum Backup 
Selection 

Unlike NTBackup, which lets you select 


individual files and folders to back up, the 
smallest item that you can back up using 
Windows Server Backup is an entire volume. 
This limitation exists because Windows 
Server Backup uses a full disk image rather 
than just writing files and folders to a loca¬ 
tion and compressing them into a binary 
blob. You can still restore individual files and 
folders, however. 

One thing that surprises many admins 
is that Windows Server Backup can't per¬ 
form a system-state-only backup. It's pos¬ 
sible to perform a system-state-only backup 
using the wbadmin.exe command start 
systemstatebackup, but some admins aren't 
comfortable using the command-line envi¬ 
ronment to complete what should be a 
relatively straightforward task. 

Why Use Windows Server 
Backup? 

Windows Server Backup works best if you 
remember that it isn't designed to be an 
enterprise-level backup solution. Many 


administrators find this limitation annoy¬ 
ing because that's essentially how they've 
been using NTBackup for much of the past 
decade. If you take it for what it is—the 
WordPad of backup programs—you'll find 
that what it actually does do, it does quite 
well. If you use Windows Server Backup to 
schedule a regular backup to a removable 
disk or an internal hard disk, it's very simple 
to perform a complete restore of the entire 
Windows OS. You wouldn't use Windows 
Server Backup to back up your Exchange 
Server or SQL Server systems, but you prob¬ 
ably didn't use NTBackup to do so, either. 

InstantDoc ID 100683 
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SQL Server 2008: 

Too Much 
Choice? 


I t's an understatement to say that Microsoft SQL Server is 
a complicated product. It can take months, if not years, to 
fully master it. Until you reach a certain level of understand¬ 
ing about the methodology of SQL Server, there will be 
aspects that can seem confusing, if not annoying. DBAs who 
stumble across something that annoys them typically find 
a workaround to accomplish the same goal. Eventually such work¬ 
arounds become second nature, and the annoyance is forgotten. 

As Pete Kavanagh, one of the forum pros on the SQL Server 
Magazine forums (sqlforums.windowsitpro.com/web/forum/ 
default.aspx) , mentioned to me, "I developed alternative habits to 
get around them (annoyances), so it is difficult to remember what 
they were." Russell Bloom, another SQL Server Magazine forum pro, 
wondered if changes in the query editor's tab settings between SQL 
Server 2000 and SQL Server 2005 counted as an annoyance; after all, 
he easily rectified that problem by altering a couple of SQL Server 
Management Studio settings. Nonetheless, we can all agree that 
some things about SQL Server 2008 are definitely annoying. 

SQL Server Bugs 

There are things about SQL Server that some users see as unusual 
and others see as expected behavior. If you read some SQL Server 
bug reports, you'll find that the reported behavior is often "by 
design" rather than by accident. These behaviors might seem mad¬ 
deningly illogical to some people and perfectly straightforward to 
everyone else. For example, when you query a view that uses the 
TOP (100) PERCENT and ORDER BY clauses in SQL Server 2000, the 
results are returned in the order specified by the ORDER BY clause. 
But when you queried the same view in SQL Server 2008 or SQL 
Server 2005, the results were returned in random order. People have 
coherent arguments about whether a random or ordered output 
should result. Some argue that the SQL Server 2000 behavior was 
the problem, others that it made no sense to change this behavior in 
later releases. The debate was ended only when Microsoft released 
a hotfix to bring the behavior of SQL Server 2008 and SQL Server 
2005 in line with that of SQL Server 2000 (see supportmicrosoft 
.com/kb/926292 ). 

That said, bugs do exist, and they are annoying. When you 
encounter database behavior that doesn't conform to your expec- 


IT ANNOYANCES 


Multiple 
editions and 
confusing 
licensing 
options create 
SQL Server 
frustration 

by Orin Thomas 


tations and hence might be 
a bug, you have an effective 
method of reporting this infor¬ 
mation to Microsoft by using the 
Microsoft SQL Server Connect 
website at connect.microsoft 
.com/SQLServer. You can 
check whether anyone else has 
reported the bug and, if so, if 
Microsoft has released a solu¬ 
tion or patch for it yet. If no one has reported it, you can report it 
yourself. Bugs that impact many users attract a larger number of 
user ratings and are assigned a higher priority for resolution by the 
SQL Server team. 

Too Many SQL Server 2008 Editions 

Choice is good. Too much choice can lead to confusion. Although 
the abundance of SQL Server 2008 versions is understandable, it 
can also be frustrating. Ignoring the variations for processor archi¬ 
tecture, SQL Server 2008 comes in eight editions: 

Enterprise 
Standard 
Developer 
Workgroup 
Web 
Express 

Express with Advanced Services 
Compact 

Although each of these editions is targeted at a different market, 
it can take you a while to work out which edition best meets your 
organization's needs. When you have only a few versions to choose 
between, your decision should be relatively straightforward. When 
you have to weigh up the pros and cons of eight different editions, 
the decision will take you more time. 

Many DBAs take the approach that it's probably safest to go with 
the Enterprise edition—that way, they won't be blamed if they later 
find they need a feature or licensing option that isn't included in one 
of the other seven editions. Just because your organization doesn't 
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■ SQL SERVER 2008 


need a particular feature today doesn't 
mean that it might not need that feature 
tomorrow, the Enterprise edition is the only 
one that includes the complete SQL Server 
2008 feature set. 

Furthermore, any savings gained by 
purchasing the most appropriate edition of 
SQL Server for an organization might be lost 
in paying the DBA to work out precise needs 
in advance and then matching those needs 
to the edition of SQL Server 2008 that best 
meets them. It isn't necessarily beneficial to 
spend a stack of billable hours only to save 
a couple hundred bucks in selecting the 
perfect edition. (Of course, this sort of task 
might be a good money spinner for those 
on the consulting side of things.) 

Although there are reasonable argu¬ 
ments about why each edition is available, 
reducing the number of editions would 
make the DBAs task of deciding which 
edition to deploy a lot easier. If that task is 
easier, the DBA is a lot less likely to make 
a mistake when attempting to complete it. 
The more choices you give people, the more 
likely it is that some of them are going to 
make the wrong one. 

Complicated SQL Server Licensing 

Ensuring that SQL Server is properly 
licensed can be quite challenging—espe¬ 
cially now that hosting SQL Server instances 
in virtual environments is far more com¬ 
mon. Searching Microsoft SQL Server 
Books Online ( msdn.microsoft.com/en-us/ 
sqlserver/cc5142Q7.aspx) for the term licens- 
/ng reveals little that's illuminating. You have 
to dig around Microsoft's website to find any 
details about how you license SQL Server 
2008, and even then you might not come up 
with a solution that licenses the product in 
the most economical way. 

There are three basic ways to license 
SQL Server 2008: Server plus device CAL, 
Server plus user CAL, or Processor license. 
The bird's-eye view is that you choose 
Server plus device CAL if multiple peo¬ 
ple use a specific set of devices to access 
your SQL Server instance. Choose Server 
plus user CAL if specific users use more 
than one device to access your SQL Server 
instance, and choose a Processor license 
if you want to license an unlimited num¬ 
ber of users and devices to connect from 
inside or outside the firewall. Although 
you can find the costs of each license type 
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on Microsoft's website at www.microsoft 
.com/sqlserver/2QQ8/en/us/pricing.aspx, 
the prices listed are estimates because they 
vary depending on the number of licenses 
you buy. Your organization can negotiate 
volume license agreements with Microsoft. 

Adding to the licensing complexity, the 
Workgroup edition has its own CALs. You 
can use Workgroup CALs only with Work¬ 
group edition servers, but SQL Server 2008 
CALs can be used with any SQL Server 
2008 server. You also have to ensure that all 
devices that indirectly access SQL Server on 
behalf of a client are licensed. Microsoft says 
that a CAL is required no matter how many 
levels of hardware or software exist between 
SQL Server and the client device. When you 
reach a certain level of abstraction, however, 
it can be difficult to figure out how many 
devices are actually indirectly interacting 
with the server. 

And then we arrive at the trickiest of 
licensing situations: What do you do about 
virtualized instances of SQL Server 2008? 
The Workgroup and Standard editions 
require at least one license per virtual oper¬ 
ating environment. The SQL Server 2008 
Enterprise edition license works differently 
from other editions when run in a virtual¬ 
ized environment. If you've licensed SQL 
Server 2008 Enterprise edition with one of 
the Server plus CAL options, you can run 
any number of SQL Server instances on 
separate virtual OSs as long as they're on the 
same physical server. If you have the Enter¬ 
prise edition with the Processor license, 
you can run unlimited instances only if all 
physical processors have been licensed. If 
that gives you a bit of a headache, don't even 
bother looking into what goes on when you 
start using products such as System Center 
Virtual Machine Manager 2007 to transfer 
virtual machines (VMs) between hosts. 

The further you look into it, the more 
complicated licensing becomes—which is 
probably why a lot of DBAs decide that 
the cost of tracking compliance will be sig¬ 
nificantly reduced by going with a Processor 
license. To reduce confusion about licens¬ 
ing, Microsoft should offer a licensing advi¬ 
sor application to accompany the Upgrade 
Advisor and other planning tools you can 
run before installing SQL Server 2008. An 
application that monitors license compli¬ 
ance might be useful as well, though it 
would probably be difficult to track licenses 


^Learning Path 

For more articles and commentary about SQL 
Server 2008 from SQL Server Magazine: 
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for clients that indirectly access SQL Server. 
More useful—and easy-to-find—documen¬ 
tation on licensing from Microsoft wouldn't 
hurt either. 

A Complex Application 

Although the problems 1 touched on are 
in no way deal breakers, the complexity 
around licensing SQL Server 2008 and 
the variety of edition choices are things 
that can be annoying. DBAs have to worry 
about a whole host of other problems 
when upgrading to SQL Server 2008, so 
Microsoft should make deciding which 
edition to select and how to license it as 
simple as possible. 

InstantDoc ID 100760 
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IT ANNOYANCES 


A lthough Microsoft SharePoint is a powerful, trans¬ 
forming technology in our enterprises, it presents 
many administrative obstacles in configuration, man¬ 
agement, and security. Let's look at some common 
headaches that IT professionals face when imple¬ 
menting SharePoint Products and Technologies. 

The Random Port for Central Administration 

When you perform a basic installation of Windows SharePoint Ser¬ 
vices (WSS) 3.0 or Microsoft Office SharePoint Server (MOSS) 2007, 
the setup routine makes all configuration choices for you. Along the 
way, SharePoint setup selects a random port on which to publish 
the Central Administration website. This means that you're forced 
to access Central Administration using a URL in the format http:// 
server’.port number, but you must know the port number. Remem¬ 
bering a random port number for one farm's Central Administration 
site is painful enough. Multiply that by several farms, and you'll 
quickly be checking yourself into the SharePoint funny farm. 

Luckily, you can retrieve the port number by looking at the list 
of web applications in the Microsoft Management Console (MMC) 
IIS Management snap-in. You can also use the Stsadm command 
(stsadm.exe). To use Stsadm, open a command prompt and focus it 
on the BIN folder by typing 

cd %CommonPrograniFiles%\Microsoft Shared\ 

Web Server Extensions\12\bin 

Then type the command 

stsadm o getadminport 

to get the port number. 

Better yet, you can set Central Administration on each of your 
farms to a standard port number of your choice. There are two ways 
to specify the port for Central Administration. The first is to per¬ 
form an advanced installation instead of a basic installation. After 
performing an advanced installation, run the SharePoint Products 
and Technologies Configuration Wizard. The wizard presents the 
Configure SharePoint Central Administration Web Application page, 
where you can configure the port manually. 

Alternatively, you can use Stsadm to configure the port after 
either a basic or advanced installation. From a command prompt 


focused on SharePoint's BIN 
folder, type 

stsadm o setadminport port 
port_number 

Stsadm also takes other 
switches, such as -ssl, which 
lets you enable Secure Sockets 
Layer (SSL) encryption for the administration port. 

The "Non-Fully Qualified" URL for Central 
Administration 

Sometimes, the URL of a SharePoint web application isn't what you 
want it to be. SharePoint Central Administration, for example, might 
be tied to a non-Fully Qualified Domain Name (FQDN), such as 
http://server01:9999. You can change the URL of Central Adminis¬ 
tration to a more accessible name, such as http://server01.contoso 
.com:9999. To do so, open a command prompt and type 

cd %CommonProgramFiles%\Microsoft Shared\Web Server 
Extensions\12\bin 
Then type 

stsadm o addzoneurl \\tt\i\//<currentURL> urlzone default 
zonemappedurl http://</?eivF/?/.>. 

In our example, the command would be 

stsadm -o addzoneurl http://server01:9999 -urlzone default 
-zonemappedurl http://server01.contoso.com:9999 

Drilling Down to Use Stsadm 

You've seen several examples of using Stsadm commands in this 
article, and in each you've had to drill down to its folder in the Pro¬ 
gram Files directory. You'll quickly get tired of doing that. To make 
it easier to use Stsadm, use the following method to open a special 
Stsadm-enabled command prompt. Open Notepad and enter the 
following four commands, one per line: 

©echo off 

set path=%path%;%CommonProgramFiles%\microsoft shared\ 
web server extensions\12\bin 
cmd.exe 
©echo on 
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Save the file as "STSADM Command 
Prompt.bat" Include the quotation marks, 
so that the file is saved as a batch file and 
is not given a .txt extension. Double-click 
the batch file, and a command prompt will 
open. The command prompt includes the 
path to Stsadm, so you can use the com¬ 
mand without specifying its full path. 

Missing Command-Line 
Administration Tasks 

Although Stsadm lets you perform some 
important functions from the command 
line, there are several tasks it doesn't 
perform. Luckily, SharePoint MVP Gary 
LaPointe has contributed a phenomenal 
set of Stsadm extensions to the commu¬ 
nity. You can find them at stsadm.blogspot 
.com/2QQ7/Q8/stsadm-commands_Q9 

.html . At the time of this writing, he had 
added 41 additional capabilities to Stsadm. 
Among my favorites are extensions that 
make it easier to copy content types, lists, 
and security settings between sites, but 
with as many extensions as Gary has cre¬ 
ated, there are sure to be a handful of useful 
options for you. 

The Lack of a Checkin Documents 
Permission Level 

When a user checks out a document, then 
forgets to check it in, other users can't edit 
the document. This is particularly painful 
when the user leaves on vacation, resigns, 
or is terminated. Anyone who has Design 
(or Full Control) permissions to a library 
(or to the individual document) can check 
in the document or discard the checkout. 
But it's annoying to have to escalate such 
a simple matter to the site administrators. 
Many organizations want to allow a subset 
of a library's users—perhaps the managers 
of the team or department—to check in 
documents that are locked for editing. 

The Override Check Out permission 
allows one user to check in a document 
checked out by another user. The same per¬ 
mission allows a user to discard the check¬ 
out of a document checked out by another 
user. This permission is part of the Design 
and Full Control permission levels. You can 
delegate this specific permission by creat¬ 
ing a new permission level. To do so, follow 
these steps: 

1. Open the Site Settings page. 

2. Click the Advanced Permissions link. 


Edit PermrssiQn Level 




Figure 1: Creating a new permission level 
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3. On the menu 
bar, click Settings 
and choose Permis¬ 
sion Levels. 

4. Click the Add 
a Permission Level 
button. 

5. Enter a 
descriptive name, 
such as Manage 
Check Out. 

6. In the List 
Permissions sec¬ 
tion, select Override 
Check Out. Other 
required permis¬ 
sions will automati¬ 
cally be selected, as 
Figure 1 shows. 

7. Click OK. 


After creating the 
permission level, 
follow these steps to 
create a role that will 
be associated with 
the permission. 

1. Open People 
and Groups. 

2. In the menu 
bar, click the New 
button drop-down 

arrow, then choose New Group. 

3. Enter a group name, such as Docu¬ 
ment Check Out Managers. 

4. If you want the group to have this 
permission for all lists and libraries in 
the site, select the permission in the Give 
Group Permission to this Site box. If you 
want to assign the group permissions to 
one or more specific lists or libraries, then 
clear all permissions. 

5. Click OK. 

Finally, you can give the role permission 
to the site or to one or more specific docu¬ 
ment libraries (or lists). To assign the group 
Override Check Out permission to the entire 
site, select the permission in step 4, above. 
To assign the group permission to one docu¬ 
ment library, open the permissions for the 
library, add the group (click the New button 
and choose Add Users), and select the per¬ 
mission level, as Figure 2 shows. 

When you assign the role to a site or 
library, that site or library may be inherit- 
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Figure 2: Assigning a permission to a role 


ing permissions fi:om its parent—the default 
security model in SharePoint. You'll have to 
break inheritance before you can assign a new 
permission at that level. To do so, click the 
Actions button and choose Edit Permissions. 

SharePoint—both WSS and MOSS—are 
enormous products, so the list of annoy¬ 
ances is also enormous. We may have just 
scratched the surface in this article, but 
each week the To The SharePoint newslet¬ 
ter addresses solutions to annoyances, best 
practices, and insight into SharePoint tech¬ 
nologies. You can subscribe to the newslet¬ 
ter at www^fficesharepoin^roxom. ^ 

InstantDoc ID 100740 

Dan Holme 

( danh@intelliem.com) is director 
of consulting at Intelliem, which 
delivers solutions-focused training 
and consulting services support¬ 
ing enterprise SharePoint, Office, 
Windows, and Active Directory 
implementations. He's also the 
community leader of www 
.officesharepointpro.com . 



34 JANUARY 2009 Windows IT Pro 


We're in IT with You 


www.windowsitpro.com 


























ShaE^oInt 

SKowcase 


top resource for SharePoint products and services 


AAvePoint 


DocAve vS -The worlds most povi^rHil and aw^Td-winning 
solution for SharePoint b^kup, disaster recoery, administration, 
repiicau'of^ archiving, compliance, and migracion. 


Unleash the power of^KirePoint! 


savision 


racfcspoce' 

HOSTiNG 

Rackspace Hosting offers fie^ble arxl customizable 
Sharcpoint solutions backed by our Fanatical Support Pronw’" 


Let 11$ manage your FT needs. We are here 24x7x365, Live. 


www.rackscace.coftT/sdutiona/saviceVshareDoiniphp 


Namescape 

f^Arm^rnrv 


www^vepQint.cQm 


Ac-Wrc D/rectnry. 


rDirectory' is the most Sophisticated Web 
Directory on the Market rDirectory is an. 
enterprise identity management solution 
that is a secure, web-based directory 
solution that you can trust. 



Live Maps for Operations Manager 2007 
empowers FT organizationsto combine 
any imaginable background image with 
Operations Manager 2007 data to create 
rich, context'3ware monitoring maps 


wvwv.savisjon.co 


www.na mescape.conVProd uct s/Default,a spx 


Distributed caching for SharePoint run¬ 
ning on server farms. Stores session-state 
or cached application data and provides 
linear scalability, high availability, and 
fast, farm-wide data access, 

www.scaleoutsoftware.coni 

© ScaleOut 
Software 


EPMUve 


EPM Live is a leading provider of project 
and work management solutions built on 
the Microsoft SharePoint platform, 

www.epmlive.com 


IntelliGantt is a collaborative solution 
that is quick to implement, easy-to-use, 
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■ Antispam 

■ Remote Management 



■ Email 

■ Security 


Spam is big business, and spammers 
are highly motivated to continually 
develop new spamming techniques. 
Meanwhile, vendors constantly work 
on new strategies to combat these 
attacks. Sendio's newest strategy is 
the Email Security Platform (ESP) 
appliance. 

As a first line of defense, ESP uses 
a proprietary technology known as 
SilverListing to verify that a sending 
mail server is legitimate. "It's a very 
basic test to see if that server is will¬ 
ing to do a retry—we pretend that the 
mail server on our side is temporarily 
unavailable. This protects ninety to 
ninety-five percent of the bandwidth 
that is currently being wasted due to 
spam," said Tal Golan, president, CTO, 
and founder of Sendio. 

Unlike content filters, ESP includes 
a human element by using sender 
address verification to authenti¬ 
cate email. First-time senders to 
a protected email address get an 
automated return message asking 
the sender to verify that he or she is 
a legitimate sender—something a 
spam bot can't do. After a user sends 
or receives an initial email message, 
he or she is authenticated from that 
point forward. For messages that are 
sent through distribution lists, such as 
email newsletters, users can specify 
senders whose messages are auto¬ 
matically allowed to go through. 

In addition to offering Sender 
Policy Framework and Domain Keys 
Identified Mail out of the box, ESP 
scans outbound messages, preventing 
spread of viruses. The ESP 360 appli¬ 
ance, designed for small-to-midsized 
businesses, is $1,995. The ESP 430, 
designed for large enterprises, is 
$7,995. The subscription license starts 
at $2.25 per month per user, with 
volume discounts available. For more 
information, contact Sendio at 949- 
274-4375 or visit www.sendio.com. 


www.windowsitpro.com 



McAfee-Compatible Log and 
Event Management 

LogRhythm's self-titled LogRhythm 
product has achieved McAfee Compatible 
status under McAfee's Security Innovation 
Alliance (SIA) program. McAfee tested Log- 
Rhythm and validated the software's ability 
to forward alert information to McAfee's 
security and compliance management sys¬ 
tem, ePolicy Orchestrator.The integrated 
solution enables real-time monitoring and 
notification, threat detection, and incident 
response. For more information, contact 
LogRhythm at 303-413-8745 or visit www 
.logrhythm.com . 

Manage Desktops Without a VPN 

AdventNet announced Desktop Central 
6 . 0 , the latest release of its desktop man¬ 
agement solution. The new version lets 
admins manage desktops of roaming users 
and users in branch offices across a WAN 
from a central location by using HTTPS 
instead of a VPN connection. Desktop 
Central assists with software deployment, 
patch and asset management, and service 
pack installation and provides user logon 
and Active Directory (AD) reports. It can 
be used to manage desktops in AD, work¬ 
groups, and directory services-based net¬ 


works such as Novell's eDirectory. Desktop 
Central Professional starts at $995 for 100 
systems and is available for a free 30-day 
evaluation; a free edition is available for 
small businesses. To learn more, go to 
manaqeenqine.adventnet.com . 

Prevent Internal Data Theft 

A huge threat to an organization's data 
security comes from within, from users who 
can download, upload, and print informa¬ 
tion from corporate computers at will. 
DeviceLock's flagship product, DeviceLock, 
ensures that security policies are enforced 
by controlling user access to removable 
devices, ports, and printers. The latest ver- 
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■ NEW & IMPROVED 


Automatic Power- 
Management Policies 

To help companies save energy and money, 
Triumfant announced the Green IT Power Man¬ 
agement Option Pack for its Triumfant Resolu¬ 
tion Manager computer-state monitoring and 
control product. With the option pack, Triumfant 
Resolution Manager can detect when a PC is out 
of compliance with the company's power-man¬ 
agement policies and adjust the PC accordingly. 
Companies can use the option pack's features 
to configure PCs to use little or no power during 
set times (e.g., nonbusiness hours); Wake-on- 



LAN technology automatically returns PCs to 

a ready state when IT maintenance tasks are scheduled. To learn more, 
contact Triumfant at 301-917-6280 or go to 


Sale? by Category 


www.triumfant.com/GreenlT.asp. 


sion, DeviceLock 6.4, enhances the prod¬ 
uct's features by offering file-type detection 
and filtering, as well as context-based 
policies for DeviceLock agents. For more 
information, contact DeviceLock at 925- 
231-4400 or go to www.devicelock.com. 

Email Archiving for 
Compliance 

H&S Software's exchange@PAM email 
archiving and life cycle management 
solution has been enhanced to meet the 
ongoing demands of email archiving 
regulations. exchange(S)PAM 3.5 lets you 
establish legal holds to ensure that speci¬ 
fied documents are locked and accessible 
only for legal and auditing purposes. 
Additionally, the product's Direct Archive 
technology has been redesigned and 
extended to use asynchronous event sinks 
to improve Exchange performance while 
Direct Archive jobs run. To find out more or 
request a free trial version, visit 
www.hs-soft.com . 

Control Computers and Networks 
Remotely 

StarTech.com announced the availability 

of its Conyx 16 Port Enhanced Serial 
Console Server, which lets systems admin- 
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Collaborate and 
Oversee Project 
Management 


istrators and network managers monitor 
and control their computers and networks 
from anywhere in the world over a TCP/IP 
connection. The console server provides 
consolidated access and control of all con¬ 
nected serial consoles on devices such as 
UNIX, Linux, and Sun Solaris servers, as well 
as routers, switches, PBXs, telecommunica¬ 
tions equipment, and power-distribution 
units. The unit also provides a DHCP client 
for dynamic IP assignment, offline data log¬ 
ging, out-of-band access, and encryption. 
The Conyx 16 Port Enhanced Serial Console 
Server costs $1,195. Contact StarTech.com 
at 800-265-1844 or visit www.startech.com 
for more information. 


Bamboo Solutions has 
released Bamboo 

Project Management Suite, a collection 
of the company's Web Parts, designed 
for project managers looking to create 
a highly productive, web-based project 
management environment in SharePoint. 
The suite can be deployed on either a 
single server or as a system across mul¬ 
tiple departments within an enterprise. 

The Project Management Suite also offers 
a Premium Annual Support subscription 
that gives customers new Web Parts that 
are added to the suite over the life of the 
subscription. For more information, contact 
Bamboo Solutions at 877-226-2662 or visit 
www.bamboosolutions.com. 

InstantDocID 100673 
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REVIEW 


SolarWinds Orion Network 
Performance Monitor 


Read the complete review at www.windowsit 
pro.com , InstantDoc ID 100471 . 

Network Performance Monitor (NPM) is part 
of the SolarWinds Orion web-based product 
line, introduced in 2001. NPM is a mature, 
fully featured monitoring and alerting sys¬ 
tem that provides basic SNMP monitoring; 
add-on modules provide options geared 
toward large networks. 

NPM uses Internet Control Message Pro¬ 
tocol (ICMP) ping requests to gather basic 
connectivity and response-time information 
and, for network devices that support this, 
can gather additional information by using 
SNMP queries and Cisco lOS NetFlow. NPM 
can also receive Syslog output and SNMP 
traps for error detection and 
alerting. Licensing for NPM is 
per monitored interface, and the 
product features modular pric¬ 
ing so you can buy only the fea¬ 
tures you need. Add-on modules 
let Orion NPM monitor NetFlow 
devices, wireless appliances, and 
VoIP networks and also let NPM 
monitor more devices as your 
network grows. 


that let you customize your NPM instal¬ 
lation. For example, with Map Maker you 
can create your own active network map, 
replacing the web console default map that 
Figure 1 shows. 

The Custom Attributes feature lets you 
select and group sets of network devices for 
management and reporting. You can create 
a custom attribute to group nodes, inter¬ 
faces, or volumes (the three classes of net¬ 
work assets that NPM monitors) and define 
it to contain numeric, text, or date/time 
data. You can assign values either manually 
or by importing a spreadsheet containing 
the data. NPM's account-management 
elements let you create custom NPM user 
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NPM Components 

A Standard NPM installation is 
designed to effectively monitor 
and manage up to 1,000 nodes. 

You can monitor much larger 
networks with help from other 
SolarWinds products.The product runs on 
Windows Server 2003, using Microsoft IIS 
for the NPM web console, and sets up eight 
SolarWinds services on the server. Solar¬ 
Winds will add support for running Orion 9 
on Windows Server 2008 next year. 

NPM includes two Uls. System Manager, 
a GUI that runs from the NPM server's con¬ 
sole, is the traditional interface for configur¬ 
ing NPM. The Orion Web Console, new in 
version 9, is becoming the primary interface 
for monitoring and managing network and 
node status but doesn't yet support some 
activities, such as network discovery and 
alert configuration. The Start menu includes 
almost two dozen other support programs 




Figure 1: Orion NPM default network map 


accounts and limit what they can do. 

NPM's alerting system is powerful, flexi¬ 
ble, and relatively easy to use. NPM can gen¬ 
erate alerts when an event occurs or when 
a monitored value for a node, interface, or 
volume passes a threshold. NPM supports 
13 alert actions, including a standard com¬ 
plement of notification options, automatic 
execution of a script or program when a 
particular event occurs, and an escalation 
sequence if an alert isn't acknowledged 
within a designated period of time. You can 


John Green | john@nereus.cc 


define alert actions according to time of day 
and day of the week and specify other con¬ 
ditions to suppress an alert. If the situation 
that triggered the alert no longer exists, or if 
other conditions you designate occur, NPM 
automatically resets the alert and executes 
other actions you specify. 

Adding It Up 

NPM features other nuggets, such as sup¬ 
port for polling custom SNMP Management 
Information Bases (MIBs). Although NPM's 
flexibility and full feature set demonstrate 
its maturity as a product, the new web Ul 
in version 9 still has room for enhance¬ 
ment. You'll find yourself moving between 
the web Ul for most routine tasks and the 
System Manager GUI and its associated 

utilities for other configuration 
and customization projects. 
Whether you're in the market 
for basic SNMP network per¬ 
formance monitoring or need 
a full suite of network diag¬ 
nostic tools and application 
monitors, SolarWinds belongs 
on your short list. 

InstantDoc I D 100471 

SolarWinds Orion NPM 

PROS: Mature SNMP-based 
network performance monitor; 

^ lets you add wireless, VoIP, and 
NetFlow monitoring support as 
needed; provides easily configu¬ 
rable custom alerts and reports 

CONS: New, web-based interface lacks some 
features of traditional GUI 


RATING: 


♦♦♦♦ 


PRICE: Starts at $2,475 for 100 network inter¬ 
faces 

RECOMMENDATION: Whether you want basic 
enterprise network monitoring or a full suite of 
network diagnostic tools and monitors, I recom¬ 
mend Orion 9 for its full feature set and ease of 
use. 

CONTACT: SolarWinds« www.solarwinds.com « 
866-530-8100 
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VIPRE Enterprises 

Read the full-length review at www.windows 
itpro.com , InstantDoc ID 100756 . 


I've never been a fan of antivirus suites, 
especially their enterprise implementations, 
which are often difficult for small to mid¬ 
sized businesses (SMBs) to set up and man¬ 
age. Sunbelt Software has made some big 
promises for its new VIPRE antivirus/anti¬ 
spyware product, including low utilization 
of system resources and reduced download 
time for definition updates, so I was keen to 
see whether VIPRE delivered on its pledges. 

Setting Up VIPRE 

I found VIPRE's setup routine to be quick and 
simple, and you can customize the configura¬ 
tion anytime after the initial install. The prod¬ 
uct features configurable dashboards (see 
Figure 1), which let you create a customized 
command center where you can access your 
most-used reports and policy controls. 

One disadvantage is that although 
you can use multiple VIPRE servers in your 
organization for scalability, VIPRE wasn't 
designed to do so. VIPRE can control and 
report only on agents deployed from a 
given server. For organizations with distrib¬ 
uted networks, updates to agents are throt¬ 
tled by sending data in small 64KB packets. 

Deploying Antivirus Agents 

VIPRE Enterprise is a policy-based system, 
and you can manage an agent's configura¬ 
tion using different policies for differing 
needs. Integration with Active Directory 
(AD) lets you link policies to organizational 
units (OUs), so you can base the configura¬ 
tion on your existing OU structure. 

VIPRE lets you push agents to clients 
directly from the administration console 
and automatically discovers machines on a 
network, either by using IP address ranges 
or AD. You can choose to distribute agents 
as a Windows Installer package (.msi) or 
standard .exe file through either Group 
Policy Software Deployment or Microsoft 
System Center Configuration Manager. 

Protection 

VIPRE's real-time antivirus and malware 
monitoring is based on three checks: pat¬ 
tern matching, heuristics, and behavioral 



REVIEW 


1 





Figure 1: Sample VIPRE Enterprise dashboard 


analysis. Unlike most antivirus and antispy¬ 
ware products, VIPRE's realtime scanning 
(Active Protection in VIPRE terminology) is 
turned off by default. This improves VIPRE's 
overall system performance but increases 
the chance of infection. Rootkit detection is 
provided by FirstScan, which checks crucial 
areas of the system before Windows starts. 
The VIPRE agent boasts efficient scanning 
speeds and a low memory footprint of just 
67.3MB during a manual scan. 

VIPRE also lets you configure what soft¬ 
ware an end user may run—similar to Win¬ 
dows software restriction policies (SRPs). And 
if Windows Defender doesn't play nice with 
your antivirus policies, you can disable it from 
the VIPRE console. 

VIPRE lets users download the standard 
EICAR antivirus test file from the Internet 
when it's formatted as a .txt or .zip file; VIPRE 
doesn't block the EICAR file until the user 
tries to open the file locally—assuming 
Active Protection is configured to scan 
when files are opened. VIPRE waits to quar¬ 
antine the code only when it's renamed as a 
.com or .bat file. 

Enterprise Features 

Users can run reports at designated times 
and email reports to specified users. Also, 
the download updates via the Internet if 
local updates are unavailable setting is 
great for users who rarely connect to the 


corporate network but still need updated 
threat definitions. 

Going the Distance 

Sunbelt Software doesn't provide a com¬ 
prehensive range of antivirus solutions for 
protecting enterprise applications, such as 
those offered by ESET or Symantec, which 
could be a disadvantage for companies that 
want to deal with one vendor for all their 
antivirus needs. Despite some confusing 
labeling and wording in the administra¬ 
tion console, VIPRE's simple but effective 
approach should appeal to SMBs. As part 
of a multilayer defense strategy, VIPRE is 
enough to prevent serious virus and mal¬ 
ware infestations on a network. 

InstantDoc ID 100756 


VIPRE Enterprise 3.1 

PROS: Is quick and easy to install; uses few 
resources; does quick scans; integrates with AD; 
provides customized reporting 

CONS: Provides no parent or secondary server 
support 

RATING: 

PRICE: From $38.75 per seat 

RECOMMENDATION: As part of a multilayer 
defense strategy working with a simple network, 
VIPRE should be enough to prevent serious virus 
and malware infestations. 

CONTACT: Sunbelt Software • 727-562-0101 • 
888-688-8457 • www.sunbeltsoftware.com 
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PRODUCTS 


COMPARATIVE REVIEW 


Endpoint-Protection 

Products 


E ndpoint-protection products incorporate various technologies that monitor common ways 
in which intruders can compromise your computer system's functioning and information 
privacy. Such products include antivirus software, anti-rootkit-scanning tools, client fire¬ 
walls, and email scanners. (See the web-exclusive sidebar, “Types of Endpoint Protection 
Products, www.windowsitpro.com , InstantDoc ID 100861 , for a basic explanation of these 
product types.) I review a sampling of five endpoint-protection products that incorporate 
these features to help you get decide what will best protect your system. 

ESET Smart Security Business Edition 

ESET Smart Security Business Edition includes antispam and firewall features in addition to those found 
in the company's flagship ESET NOD32 Antivirus. Smart Security Business Edition features remote 
administration, local update mirroring (which lets local systems get updates from local systems, reduc¬ 
ing Internet traffic and the load on the vendor's servers), and the ability to install the product on both 
servers and workstations protected by Smart Security. 

Smart Security Business Edition comprises four installable components. Smart Security is the anti¬ 
virus, antispam, and firewall client piece that protects servers and workstations. ESET Remote Access 
Server communicates with client systems, collecting status information and coordinating scan, update, 
and conflguration requests. You can deploy one or a replicated hierarchy of remote access servers in 
various locations to suit your organizational structure. There's a GUI console, ESET Remote Administra¬ 
tor Console, which Eigure 1 shows, and finally, threat signature updates, which Smart Security systems 
can get directly from ESET company servers or from update mirrors that you can configure on Smart 
Security or Remote Access Server systems. 

Smart Security stores conflguration parameters in XML files that you create by using the ESET 
Conflguration Editor. Although Smart Security's components are highly configurable with dozens of 
parameters, the basic initial conflguration pattern is simple. 

I used the console to install Smart Security to Windows Vista and Windows XP systems. The console 
lets you browse the network, drag target systems to a list, select the appropriate installation conflgura¬ 
tion, and install. Updating a client conflguration requires using the Conflguration Editor to create or 
modify an XML conflguration file. 


Find the 
best security 
technology to 
thwart intruders 
on your network 
clients 

by John Green 


You apply the update to clients using 
an update task. 

You can easily implement Smart 
Security's user-defined groups. 
Each client can belong to several 
groups, and you can select a subset 
of systems to display via the console. 
Administrators can choose one of 
three ways to manage Smart Secu¬ 
rity's firewall: automatic, based on 
ESET's predefined rule set; interac¬ 
tive, in which you create a rule the 
flrst time you access a program or IP 
port; or policy-based, in which you 
configure the rule set to block unde- 
flned communications. 

Likewise, you can configure three 
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Figure 2: Managing McAfee Total Protection Service via the SecurityCenter website 


levels of action when Smart Security detects 
an infected file: Ask the user to choose an 
action, automatically take the action ear¬ 
marked for that threat, or aggressively clean 
all infected files. Automatic actions don't 
delete infected compressed archives that 
also contain uninfected files; the aggressive 
option does so. 

Smart Security is easy to install and 
configure. Some users will appreciate the 
layered configuration approach capability, 
which lets you create configuration files that 
affect only part of the full feature set. The 
lack of named-policy-based configuration 
makes more work for the administrator, but 
ESET will tackle that need in an upcoming 
release. Smart Security Business Edition is 
the ticket if you're looking for an easy setup 
and support for multiple locations. 


ESET Smart Security Business Edition 

PROS: Easy-to-use console; management server 
can run on a workstation; update mirrors set up 
easily for users with satellite offices; provides 
many configuration options and XML-based 
config files 

CONS: Requires running an "update" job to apply 
configuration changes 

RATING: 

PRICE: $11.99 to $40.99 per endpoint, depend¬ 
ing on quantity 

RECOMMENDATION: Recommended for 
midsized-to-large organizations with satellite 
offices and mobile users because of its solid fea¬ 
ture set and support. 

CONTACT: ESET • 619-876-5400 • www.eset.com 


McAfee Total Protection 
Service-Advanced 

McAfee Total Protection Service-Advanced 
includes the features of the standard version 
of Total Protection Service (server and client 
antivirus, antispam, and client firewall com¬ 
ponents, McAfee SiteAdvisor, and Outlook 
client email scanning) and adds licensing 
to use McAfee Secure Messaging Service for 
Small Business, which provides additional 
antivirus protection and spam filtering. 
You can manage the service using McAfee's 
SecurityCenter website, shown in Eigure 2, 
which sends weekly reports and gives you 
configuration tools and on-demand access 
to the status of your protected systems. 


Protected clients communicate with the 
Network Operations Center to provide sta¬ 
tus information and download updates. A 
feature called Rumor Technology lets com¬ 
puters that lack a direct Internet connection 
get their updates from another Total Protec¬ 
tion Service client. Designed particularly for 
small organizations or those without an IT 
infrastructure, this product offers an online 
tutorial that walks users through the client 
installation. 

The McAfee SecurityCenter status screen 
shows the number of clients running up-to- 
date software and provides summaries of 
filtered email and license usage. Each cli¬ 
ent computer belongs to a nonhierarchical 
group, and each computer in a group takes 
on the configuration defined by the policy 
assigned to that set. The default policy per¬ 
forms on-access scanning for files (but not 
within archives), prompting users to action 
when it detects potential spyware, and lets 
users configure firewall rules. Total Protec¬ 
tion Service automatically applies policy 
changes to every client in assigned groups 
at the next update interval. 

1 successfully used the browser/URL 
method to install Total Protection Service to 
Windows Vista and Windows XP systems. 
You can also add antivirus, firewall, and 
browser protection and choose a policy 
group for the system to join. 

McAfee TPS-Advanced is easy to operate 
and manage. 1 recommend it for users who 
want centrally managed endpoint protec¬ 


tion without the fuss of setting up a manage¬ 
ment infrastructure. 


McAfee Total Protection Service- 
Advanced 

PROS: Because product is a web service, it 
requires no onsite hardware; client installs via a 
web URL or an executable; relatively simple to 
deploy and administer 

CONS: Limited configuration and reporting 
options 

RATING: 

PRICE: Starts at $52.48 per client for a one-year 
subscription or $78.71 for a two-year subscription 

RECOMMENDATION: I recommend this easy- 
to-use product for organizations that have a 
limited IT infrastructure and uncomplicated pro¬ 
tection requirements. 

CONTACT: McAfee • 888-847-8766 • 
www.mcafee.com/us 


Sophos Endpoint Security 
and Control 8 

Sophos Endpoint Security and Control 8 
comprises the Sophos Antivirus engine, 
Sophos Client firewall, and Sophos Network 
Access Control (NAC). The Sophos Enter¬ 
prise Console, which Eigure 3 shows, and 
the Sophos NAC Console provide central¬ 
ized endpoint management. 

Endpoint Security and Control is the 
only product in this review that incorporates 
NAC features such as access to USB-based 


44 JANUARY 2009 Windows IT Pro 


We're in IT with You 


www.windowsitpro.com 













ENDPOINT-PROTECTION PRODUCTS* 



Figure 3: Sophos Enterprise Console 

devices. It's also the only product that lacks 
built-in email monitoring and spam detec¬ 
tion, although you can buy the product bun- 
led with Sophos Email Security and Control. 
The product also requires a Windows Server 
OS and Microsoft SQL Server to support its 
console-management features. 

I installed the Enterprise Console on a 
Windows Server 2003 system with Micro¬ 
soft SQL Server Desktop Engine (MSDE) 
in place. A wizard helped me configure the 
EM Library, which lets you subscribe to, 
download, and maintain files of updates for 
Sophos. To distribute the client-update load, 
organizations with several locations can 
install the EM Library component on other 
servers or create a remote network share to 
hold update files for remote clients. Next, I 
installed NAC Manager on the management 
server. The NAC features incorporated with 
the product include endpoint assessment 
and quarantine. 

From the Enterprise Console, you can 
add client software for Windows 2000 and 
later computers after you ensure that the cli¬ 
ent meets certain prerequisites. You can also 
run the installation package directly on the 
client without using the Enterprise Console 
UI or Endpoint Security server. 

Sophos uses policies and named groups 
to facilitate endpoint management. Policies 
define how Endpoint Security and Control 
behaves on managed clients. You need to 
customize the product's default policies. 
The default antivirus policy performs on- 
access scanning but takes no action when it 


detects a threat. The default firewall policy 
blocks all traffic; thus, the first task after 
installing the client firewall is to create a 
firewall policy. To apply a policy, you drag 
and drop it on the appropriate groups. 

The product has three predefined NAC 
policies: default and managed for Sophos 
agent-based clients and unmanaged for 
guest systems. You can and should edit 
the managed and default policies, but the 
unmanaged policy is fixed. 

Endpoint Security and Control is easy 
to install and manage. Its antivirus com¬ 
ponent supports a broad set of platforms, 
and the policy-based design automatically 
keeps client systems up-to-date as policies 
change. The console-initiated installation 
feature works well when you can configure 
target client systems to meet the access pre¬ 
requisites. The integrated NAC assessment, 
remediation, and enforcement protection 
is a real plus, helping you know when cli¬ 
ent systems comply with policies and limit 
network access of noncompliant systems. 
This product can serve you well, particularly 
if the NAC features or antivirus support for 
non-Microsoft systems are important to 
your organization. 


Sophos Endpoint Security 
and Control 8 

PROS: Supports many platforms besides 
Windows; includes NAC features for endpoint 
assessment and quarantine; provides policy- 
based configuration 


CONS: Email scanning and spam control not 
included 

RATING: ♦♦♦♦O 

PRICE: $2,487.50 for a one-year subscription for 
50 users; $3,234.50 bundled with Sophos Email 
Security and Control 

RECOMMENDATION: I recommend Sophos 
Endpoint Security and Control 8 to midsized and 
large organizations, particularly those that can 
benefit from the product's NAC features. 

CONTACT: Sophos • 866-866-2802 • 
www.sophos.com 


Symantec Endpoint Protection 11.0 

Symantec Endpoint Protection 11.0 incor¬ 
porates antivirus and antispyware compo¬ 
nents, such as rootkit protection, antispam, 
firewall, intrusion detection and prevention, 
USB data-device control, and application 
control measures. The product includes a 
management server application. Endpoint 
Protection Manager, which tracks and coor¬ 
dinates the activities of managed clients and 
uses either an included database or SQL 
Server. Symantec Endpoint Protection Con¬ 
sole is a lava client application supported 
by Microsoft IIS on Endpoint Protection 
Manager. 

I installed Endpoint Protection Manager 
on a Windows 2003 system configured with 
IIS and used the migration and deploy¬ 
ment wizard to deploy the product on the 
management server. The wizard created a 
deployment package and ran it on the client. 
Because the migration and deployment wiz¬ 
ard is available only from the management 
server's start menu, the push-deployment 
feature isn't accessible when you work from 
a remote console. I completed my testing by 
running the console on an XP Professional 
x64 Edition system. The console is attrac¬ 
tive and easy to navigate, although I found 
its performance sluggish compared with a 
typical Windows GUI. 

Each client is a member of a group, and 
within each group you can define one or 
more network locations, such as LAN and 
Home, and can assign configuration policies 
to each location within a group. You can also 
divide a group into several administrative 
domains for distributed management. The 
location membership can be dynamic within 
Symantec Endpoint Protection. As you define 
a location within a group, you can define 
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a characteristic (e.g., an IP address range 
or VPN client in use) that causes Endpoint 
Protection to dynamically assign the client to 
that location and automatically reconfigure 
the client with the policy for that location. 

The product uses six classes of policies: 
antivirus/antispyware, firewall, intrusion 
prevention, application and device control, 
LiveUpdate, and Centralized Exceptions. 
As I clicked through the policy menu, I was 
impressed by the variety of configuration 
options Symantec Endpoint Protection sup¬ 
ports. A padlock icon next to most configu¬ 
rable choices lets you determine whether 
the client system user can alter a particular 
option. You edit firewall rules from the 
screen shown in Figure 4. Editing rules is 
a bit clumsy because you need to select an 
option from the right-click menu for each 
field within the rule. 

Symantec Endpoint Protection includes 
these predefined report types: audit, appli¬ 
cation and device control, compliance, com¬ 
puter status, network threat protection, risk, 
scan, and system. You can save on-demand 
reports in .mht format, or you can schedule 
reports to be emailed to you. 

I found Symantec Endpoint Protection's 
features set complete and simple to learn. 
Although I was somewhat frustrated with 
the console's slow response at times, the 
console itself was easy to navigate. I recom¬ 
mend Symantec Endpoint Protection to 
large organizations with many locations or 
a mobile workforce that can benefit from the 
product's granular configurability. 


Symantec Endpoint 
Protection 11.0 


PROS: Provides highly customizable, 
policy-based configuration; offers extensive 
feature set including security policy assignment 
based on network location 



CONS: Java-based console was slower to 
respond than other products' consoles 

RATING: ♦♦♦♦O 

PRICE: $31.80 to $51.60 per seat 

RECOMMENDATION: I recommend Symantec 
Endpoint Security 11.0 for large organizations 
with a diverse and mobile workforce that can 
benefit from its full and highly configurable 
feature set. 


CONTACT: Symantec • 800-745-6054 • 
www.symantec.com 



AVG Internet 
Security Network 
Edition 8.0 

AVG Internet Secu¬ 
rity Network Edition 
combines the anti¬ 
virus, antispyware, 
client firewall, email 
scanning, and web 
browsing protec¬ 
tion found in AVG 
Internet Security 8.0 
with server-based 
deployment and 
client-management 
features. The product 
provides heuristic Figure 4: \^ewing firewall 

and signature-based 

antivirus scanning, email scanning that 
supports Outlook and standard SMTP and 
POPS clients, and rootkit scanning. 

The AVG administrative server has two 
roles: DataCenter performs all administrative 
and monitoring activities, and UpdateProxy 
downloads and distributes updates to man¬ 
aged clients. I installed the admin server 
on a Windows 2003 system with the default 
Firebird database, which AVG says can sup¬ 
port installations of up to 150 endpoints. You 
can also opt to use a SQL Server or Oracle lOG 
database for larger installations. 

You use the AVG Network Installer Wiz¬ 
ard to set up the AVG endpoint-protection 
components on network-attached systems. 
The AVG Admin Console, which Figure 5 
shows, is the product's primary administra¬ 
tive interface. I also installed the console 
and the UpdateProxy role on an XP system. 

The admin server includes web-based 
status reporting accessed at a custom port. A 
graphic reports feature lets you schedule or 
generate information from the DataCenter 
role's database with any of seven predefined 
report templates. 

The Network Installer Wizard is your pri¬ 
mary tool for AVG installation-related tasks. 
You use Creation of AVG Installation Script 
mode to create installation packages to run 
from a USB drive or network share. Remote 
Network Installation mode installs AVG to 
network-attached workstations. 

The console supports full remote opera¬ 
tions, including running the Remote Instal¬ 
lation Wizard, and has a customizable 
interface. In the stations node; you can 
create named groups to organize and man- 


rules in Symantec Endpoint Protection 11.0 

age AVG client systems, which assume the 
configuration you define in each group's 
shared settings or policies. AVG offers many 
configurable options for user modification 
that you can allow or prohibit. Firewall poli¬ 
cies are separate from the shared settings 
that arrange the other components of AVG. 
You can create several distinct firewall poli¬ 
cies and assign one per group. 

AVG 8.0 has a nice feature set and is 
relatively simple to implement. The lack of 
named shared settings for nonfirewall com¬ 
ponents makes it a litde harder to configure 
those components when you have many 
groups, but the ability to control which set¬ 
tings you want to enforce on the client and 
which the user can control is useful. On the 
downside, AVG provides email notifications 
for just 10 events and only rudimentary 
reporting. Also, the remote installation fea¬ 
tures didn't work well for Vista systems in my 
test, but direct installation worked, and the 
console was able to push the configuration 
out. I recommend Internet Security Network 
Edition for midsized organizations that are 
familiar with and like AVG products. 


AVG Internet Security 
Network Edition 8.0 

PROS: Relatively easy to implement with an 
understandable architecture; easy to configure 
and work with; configurable remote console; 
named firewall policies simplify firewall 
configuration 

CONS: Offers only unnamed shared settings for 
nonfirewall configuration; elementary reporting 
and event notification; remote installation to 
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Vista systems didn't work in my test 

RATING: ♦♦♦00 

PRICE: From $259.99 for five endpoints to 
$5,674.99 for 200 endpoints, including a one-year 
subscription to updates 

RECOMMENDATION: AVG Internet Security 
Network Edition 8.0 is a workable product with 
less polish in some of its features compared with 
its competitors. I recommend it primarily for 
midsized organizations that already have and like 
other AVG products. 

CONTACT: AVG Technologies . www.avq.com 


A Tough Choice 

I rated all but one of the products 1 reviewed 
four diamonds. (AVG Internet Security Net¬ 
work Edition has configuration manage¬ 
ment and deployment weaknesses that 
earned it just three diamonds.) ESET Smart 
Security is a good choice for its ease of 
implementation and layered XML-based 
configuration. McAfee Total Protection 
Service would suite small organizations 
with limited IT resources. Sophos Endpoint 
Security shines for its endpoint-assessment 



Figure 5: AVG Admin Console 


NAG feature. And large organizations will 
appreciate Symantec Endpoint Protection's 
configurability and extensie reporting. All 
things being equal (which they rarely are), 
Endpoint Protection earned Editor's Choice 
as the best balanced product. ^ 
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Left-Bra in.com 

The IT 
Information 
Store 

Left-Bra in .com is the new online resource 
superstore stocked with educational, training, 
and career-development materials concentrated 
on the needs of IT professionals like you. 

Whether new technologies, shrinking staff, 
increased IT-service expectations, or relentless 
change across the enterprise stand in your path, 
you can get on the right side of the IT curve 
with Left-Brain.com. 
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PowerShell 201 



WHEN & WHERE 

February 26,2009,11:00 AM 
EST on your computer 

COST 

$99 (includes all three lessons) 


LESSONS 
11:00 AM EST 
Decisions Flow Control 

12:30 PM EST 

Displaying and Formatting Data 


2:00 PM EST 

Importing and Exporting Data 


INSTRUCTOR 



Paul Robichaux, a founding partner at 3Sharp, and a 
Microsoft Exchange MVP and MCSE. Paul is the auther 
ef Exchange Server Coekboek (O’Reilly and 
Associates) and blogs at www.robichaux.net/blog. 


Ease Your Scripting Pains with the 
FiexihiiityofPowerSheii! 

Join MVP Paul Robichaux on February 26,2009 
at 11:00 AM EST as he delves deep into 
PowerShell how-tos in 3 informative lessons, 
each followed by a live Q&A session! 

For more information, or to register, go to: 
www.WindowsiTPro.com/go/elearning/ 
powershell20l 

WindowsITPro 


48 JANUARY 2009 Windows IT Pro 


We're in IT with You 


www.windowsitpro.com 


















MICROSOFT iiKiiciCrN 

Qi^hange Communications WINDOWS 

( G U N N h C T I O N S) c U N N k L I I U N bl U N N b L I I U N bj 

IXuNAGEMENI GREEN IT 

(CONNECTION^ (CONNECTIONg) 


BONUS: SharePoint Administration for IT Pros Track 

Technology+Solutions=lmpact 

The premier event for the present state and future 


direction of Microsoft technologies. 



r Register 
by Feb 3rd 
and receive a 
FREE night at 
Hyatt Regency 

(based on a 3-night 


REGISTER TODAY 

» The first 500 paid attendees 


www.WinConnections.com 

wiil be maiied SQL Server 2008 

“ '-JL r -• 

800.505.1201 • 203.268.3204 

standard with one CAL 

^ ■ 1 


STEVE RILEY 

MICROSOFT 


MARK MINASI 

MR&D 


PAUL ROBICHAUX 

3SHARP 


FRANCOIS AJENSTAT 

MICROSOFT 


DON JONES 

CONCENTRATED 

TECHNOLOGY 


RHONDA LAYFIELD 

CONSULTANT/ 

TRAINER 


MARCH 15-18, 2009 


ORLANDO-FLORIQA 


HYATT REGENCY GRAND CYPRESS 


Connect to Microsoft and industry experts 
to separate technology myths from realify! 


■ 50+ MICROSOFT AND INDUSTRY EXPERTS 

■ 90+IN-DEPTH SESSIONS 

■ UNPARALLELED WORKSHOPS 

■ EXCITING ANNOUNCEMENTS 

New 

■ GREEN COMPUTING TRACK 

■ IT MANAGEMENT TRACK 


Microsoft’ TechNet 

MAGAZINE 


Conferences* 


WindowsITPro 


PENTON MEDIA 







CIO • CTO • DIRECTOR • ARCHITECT • ANALYST • CONSULTANT • VISIONARY 


STRATEGIES DEFINED 


MARCH 15-18, 2009 • ORLANDO, FL 

HYAH REGENCY GRAND CYPRESS 


PROBLEMS SOLVED 


The cutting edge event for IT Professionals. 

Attend dynamic Microsoft keynotes & get 
the scoop on the future trends in our industry! 


Beyond the Hype, 
behind the scenes. 

WinConnections brings the 
nation's top experts together 
to dive deep into the platforms 
and products you design, 
implement, and support, 
today and tomorrow. 



■ Use Terminal Services in Windows Server 2008 to deploy more 
easily, improve printing, and improve security of your applications 

■ Voice-Enable your OCS 2007 R2 Deployment 

■ Adding and deploying images via WDS 

■ Integrate Exchange Unified Messaging with 
Office Communications Server 2007 

■ Deploying Exchange 2007 with Windows 2008 Hyper-V 


> Train with Microsoft and 
industry experts delivering 
over 85+ in-depth sessions! 


■ Plan for disaster recovery with your SharePoint sites 

■ NAP; Protection built into 2008 

■ Use Windows 2008 technologies to secure remote offices 
that lack a true data center 


> Unwind in Orlando 
and make new friends.... 


■ Learn how to work with file shares in SharePoint 


Choose from many area 
attractions. 


> Enter the raffle to win a 
1 week cruise for two! 

Enter to win in the Expo Hall. 


> Visit the cabana sessions 
in the expo hall. Meet and 
interact with authors and 
speakers. 


WHAT'S HAPPENING? schedule at a glance 


SATURDAY, MARCH 14, 2009_TUESDAY, MARCH 17, 2009 


9:00ani - 4:00pni Pre-Conference Workshops 

8:30ani - LOOpm Conference Sessions 

l:00pni - 2:30pni Lunch 

2!l5pni Cruise Musttepresentto win! 

2:30pni - 5:30pni Conference Sessions 

SUNDAY, MARCH 15, 2009 

9:00ani - 4:00pni Pre-Conference Workshops 

6:30pni Microsoft Keynote 

(immediately following) Opening Reception in Expo Hall 

WEDNESDAY, MARCH 18, 2008 

MONDAY, MARCH 16, 2009 • MICROSOFT DAY 

8:00ani - I2:30pni Conference Sessions 

8:30ani - 9:30ani Keynote 

I2:30pni-2:00pni Lunch 

I0:i5ani - i:00pni Conference Sessions 

2:00pni - 3:00pni Conference Sessions 

1:00pni - 2:30pni Lunch/Expo Hall 

3:30pni - 4:l5pni Closing M 

2:30pni - 5:30pni Conference Sessions 



THURSDAY, MARCH 19, 2008 


SEE WEB SITE FOR THE LATEST UPDATES • www.WinConnections.com 


2 Register Today! • 800 - 505-1201 • 203 - 268-3204 


















KEYNOTES 


IT PROFESSIONAL • ADMINISTRATOR • ENGINEER • TECHNICIAN • EXPERT 

SESSIONS AND SPEAKERS ARE SUBJECT TO CHANGE. SEE WEB SITE FOR UPDATES AND ADDITIONAL SESSIONS. 



STEVE RILEY MICROSOFT 

How IT Will Change in the Next 10 Years and Why You Should Care 


Steve Riley replaces the batteries in his crystal ball and takes a look at some predictable and not-so-predictable trends that you should 
prepare for now. Digital natives, the generation of people who you will soon be hiring, live in and expect something completely 
different than anything you've built or experienced so far. And yes, your career depends on them-so get yourself ready. 


Steve Riley's career at Microsoft began in 1998 in the telecommunications practice of Microsoft Consulting Services where he worked with several ISPs and 
ASPs to design highly-available network architectures, develop hosting platforms for various custom and off-the-shelf applications, and deploy complex multi¬ 
site VPNs. His specialization in security led him next to the security consulting practice, where he worked with many customers to conduct security assess¬ 
ments and risk analysis, deploy technologies for attack prevention and intrusion detection, and assist with occasional incident response efforts. Steve is now 
a product manager in Microsoft's Security Business Unit. He is a frequent and popular speaker at conferences worldwide, often appearing in Asia one week 
and Europe the next; Steve's speaking engagements have included multiple Microsoft TechEds and other conferences, plus SANS, RSA, Black Hat, Windows IT 
Pro roadshows, and InfoSec US. When not evangelizing the benefits of Microsoft security technology, Steve spends time with customers to better understand 
the security pain they face and show how some of that pain can be eliminated. Steve's technical specialties include network and host security, communica¬ 
tion protocols, network design, and information security policies and process. 



MARK MINASI MR&D • The Next Windows... Lucky Seven? 


Two years sooner than originally planned, Microsoft intends to ship the next Windows - the sequels to Vista and Server 2008 - in 
under two years in the mid-2010 time frame. Additionally, Redmond will, for the first time in ten years, ship both the desktop ver¬ 
sion and server version of Windows (generically known as "Windows Seven") at the same time. 

Will Windows Seven capture buyer interest in a way that Vista could not? Well, there's some neat stuff in there, including tons of 
new application compatibility, niftier virtualization features (including a VMotion competitor), even more improvements in their 
deployment tools, tons of PowerShell-ability, security features that actually make getting to company resources easier than before, and 
of course there are the inevitable changes to the user interface. But will it be good enough to make you move from XP and 2003? Get the skinny so you can 
get ready for Windows Seven from independent industry watcher and Windows watcher Mark Minasi! 


Mark Minasi is an author, a technology columnist, a commentator, a keynote speaker, and an all-around alpha geek. What separates him from many of the 
other alpha geeks is that he knows how to explain things to normal humans and often make them laugh while doing it. He's probably best known for his books. 
Mastering Windows NT Server (Sybex), Mastering Windows 2000 Server, and The Compiete PC Upgrade and Maintenance Guide and his columns in 
Windows iT Pro. Mark has also authored 17 other technology books, spoken on technical topics in 20 countries, and written and appeared in a dozen techni¬ 
cal education videos. His most recent works are Mastering Windows 2000 Server, Third Edition and Mastering Windows XP Professionai. He has also writ¬ 
ten Linux for NT/2000 Administrators and a seventh edition of Mastering Windows NT Server 4.0. 



FRANCOIS AJENSTAT MICROSOFT • Sustainable IT within Reach 


I Environmental sustainability is a serious challenge that requires a comprehensive and global response from all sectors of soci- 
ety. Amid growing awareness about global climate change and the scarcity of resources, businesses worldwide are looking for 
/ ways to reduce their environmental footprint. Reducing energy use and rethinking business processes can increase profits and 
help companies more effectively lower their environmental footprint. It can also help their standing with environmentally aware 
_ business partners, investors and customers. In today's world, "going green" isn't just good for the planet, it's good for business. In 

this session, you will learn how you can reduce the environmental impact of IT; help manage your environmental footprint and initia¬ 
tives; and provide ways to rethink business practices to reduce your environmental impact. 


Francois Ajenstat is the Director of Environmental Sustainability at Microsoft Corp. He is responsible for Microsoft's communication and outreach for key sus¬ 
tainability initiatives across Technology and Innovation; Global Partnerships and Corporate Environmental Practices. Ajenstat has been at Microsoft for the past 
eight years in various groups, including the Server and Tools and Information Worker divisions and the Enterprise and Partner group. Before joining Microsoft, 
he worked at Cognos Inc. as a strategic alliance manager responsible for key technology partners. 

Ajenstat received a computer science degree from the University of Ottawa in Canada. In his free time, he is an avid fan of architecture and interior design, as 
well as cycling and sailing. 
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ADVANCED WINDOWS POWERSHELL 
SCRIPTING 
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WINDOWS SERVER 2008 ACTIVE 
DIRECTORY FUNDAMENTALS 
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WINDOWS SERVER 2008 R2 OVERVIEW 

MICROSOFT 

CLUSTERING WINDOWS SERVER? 
SIMPLE!? YES!!! 
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INTRODUCTION TO HYPER-V IN WINDOWS 
SERVER 2008 

MICROSOFT 

HOW TO ELIMINATE THOSE PESKY LOGON 
DCRIPTS (AND MORE!) WITH GROUP 
POLICY PREFERENCES 

MICROSOFT 


WINDOWS SERVER 2008 R2 IIS 7.0 
OVERVIEW 

MICROSOFT 

MANAGING HYPER-V USING POWERSHELL 

MICROSOFT 

WINDOWS 7 OVERVIEW 

MICROSOFT 

BUILDING A CASE FOR WINDOWS VISTA - 
THE ROAD FROM XP TO WINDOWS 7 

MICROSOFT 

ADVANCED DEPLOYMENT SCENARIOS 
WITH VISTA AND SCCM 

MICROSOFT 

MANAGING WINDOWS VISTA WITH 
POWERSHELL 
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ACTIVE DIRECTORY 


MICROSOFT'S GLOBAL FOUNDATION 
SERVICES AD INFRASTRUCTURE 

SEAN DEUBY 

When you use Hotmail, or Online Services, or 
Windows Live, have you ever wondered what kind of 
infrastructure supports such a wide array of soft¬ 
ware services? Active Directory, of course. 
Microsoft's Global Foundation Services group sup¬ 
ports these diverse customers. Come to this session 
to learn more about the GFS computing infrastruc¬ 
ture and where it's headed. 

AN AD SECURITY REVIEW 

SEAN DEUBY 

When money is tight, security reguirements can still 
loosen the purse strings. Compare your installation 
with these Active Directory security best practices, 
from the well-known to the not-so-obvious. We will 
also cover Windows 2008 security enhancements; 
remember, just one capability that really meets your 
company's business needs can justify the Windows 
2008 upgrade and all its other benefits. 

WHAT KEEPS IT PROS AWAKE AT NIGHT? 
AN AD FUNDAMENTALS CHECKLIST 

SEAN DEUBY 

As an IT professional in a time of shrinking budgets, 
the top of your to-do list probably involves fighting 
fires and getting only the most important "must-do" 
items finished. Your AD is running, but you haven't 
had time to knock out those important-but-not- 
urgent AD configuration tasks. Do you have backups 
that really work? If they do, what about a tested dis¬ 
aster recovery plan that uses them? Do you have a 
backup copy of your DNS configuration? Attend this 
session to review what you've done so far, and time- 
efficient ways to make your AD implementations 
more secure, reliable, and low effort. 


SYSTEM CONFIGURATION 
& MANAGEMENT 


GROUP POLICY: THE NEW HOPE- 
VISTA AND THE GP PREFERENCES 

JEREMY MOSKOWITZ 
When was the last time you got a gift? How about 25 
gifts? With Microsoft releasing Windows Server 
2008, Windows Vista, an updated GPMC, and the 
Group Policy Preference Extensions, it's like 
Hanukkah, Christmas and Kwanzaa in one. So learn 
what every admin needs to know in the new world. 
Learn why you need a modern management station 
to support the new GPMC. Learn how to lock out 
hardware, zap printers, and keep yourself out of 
trouble with new "MLGPOs." See the 21 new "big 
things" Microsoft has gifted to every administrator. 
Even if you're not ready for Windows Vista now. 


that's okay, you positively must come to this session 
to learn the ropes from Jeremy Moskowitz, Group 
Policy MVP. (Note some material is covered in 
Jeremy's pre-conference workshop.) 

THE SCARY TRUTH ABOUT GROUP POLICY 

DARREN MAR-ELIA 

This session is a highly advanced look at the internals 
of Group Policy-how it works at the lowest levels and 
how you can bend it to your will. This session is not for 
the faint of heart. We will look deep under the covers of 
Group Policy storage and Group Policy processing, and 
uncover mysteries such as why some registry policies 
tattoo and others don't, why Group Policy sometimes 
seems to work and sometimes doesn't, and other 
important secrets that Microsoft won't tell you. 

TIPS AND TOOLS FOR RAPIDLY 
DEPLOYING SOFTWARE IN A 
SMALL ENVIRONMENT 

GREG SHIELDS 

For a lot of small or medium-sized IT environments, 
the simple act of deploying applications is an opera¬ 
tional nightmare. Deploying a single instance of an 
app takes little more than "Next, Next, Finish". But 
doing so over dozens or hundreds of computers 
reguires dozens or hundreds of the exact same 
mouse clicks. In this session, master packager Greg 
Shields guides you through the skills and the tools to 
automate all of this. Learn to rapidly package soft¬ 
ware and deploy it out to any number of computers 
using no- and low-cost tools. No matter whether 
you're deploying 5 copies or 500, the skills you'll learn 
here will ensure every software deployment is a snap. 


GETTING USERS TO APPLICATIONS WITH 
SERVER 2008'S TERMINAL SERVICES 

GREG SHIELDS 

Terminal Services may well be one of the biggest rea¬ 
sons why you move to Server 2008. Its new capabili¬ 
ties for deploying applications, its new Web interface, 
its much improved printing, and its new security fea¬ 
tures all make Terminal Services a real winner. Join 
Server 2008 expert Greg Shields on a journey 
through all the new features. You'll see the new TS 
RemoteApps in action, learn how to deploy Terminal 
Services apps directly to your user's desktops, and in 
the end wonder why you haven't upgraded already. 

MDOP: SIX AWESOME TOOLS 
YOU'RE NOT USING TODAY 

JEREMY MOSKOWITZ 
If you can't handle demos, then don't come to this 
demonstration. Because it's full of them. In the short 
time provided, Jeremy Moskowitz, GP MVP, will 
demonstrate all five tools in Microsoft's popular 
MDOP (Microsoft Desktop Optimization Pack.) You'll 
learn how to bring systems back from the dead, pre¬ 
vent applications from killing one another, learn 
which applications are crashing the most, and how to 
do some Group Policy magic. If you've already bought 
MDOP and want to see where all the power lies, or 
you're just thinking about it, you positively need to 
come to this session. 
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ENTERPRISE SECURITY 
MANAGEMENT 


SECURING TODAY'S WINDOWS SYSTEMS 

MARK MINASI 

Server 2008 and Vista share the same basic founda¬ 
tion, which centers around a complete re-write of the 
Windows kernel. That rewrite came from a Microsoft 
determined not to repeat the embarrassments of 
Code Red, Nimda, SQL Slammer, MS Blaster and the 
rest of our nasty friends. Both Microsoft's desktop 
and server OSes now tout more secure bases-but are 
they? In this session, security consultant and writer 
of Administering Windows Vista Security: The Big 
Surprises offers a guick and independent overview of 
Windows security fundamentals and how 
Vista/Server 2008 Windows' new security tools 
change the game. Come to this session for some 
pleasant surprises, and a few chuckles. 

NAP YOUR WORLD: HOW TO KEEP YOUR 
NETWORK FROM CATCHING THE FLU 

JEREMY MOSKOWITZ 
Cough cough. That's the sound your network makes 
when one user doesn't "bundle up" with antivirus 
software. Yep, just one user later, and you've got a big 
problem. So, how do you contain your little prob¬ 
lems so they don't become BIG problems? NAP: 
Network Access Protection. The idea is that you can 
guarantine "bad" machines, remediate them and 
make them "good." While they're "bad" they get 
limited access and can't hurt others. When they're 
"good" they get all the network access they need. 
NAP is nothing to sneeze at. So come by and check it 
out; so you don't catch the flu. 

CREATING A SECURE DESKTOP 
WITH GROUP POLICY 

DARREN MAR-ELIA 

This session focuses on practical guidance for using 
the myriad of security features within Group Policy to 
create a secure desktop configuration. We will walk 
through how you can implement features such as 
Software Restriction Policy, Windows Firewall, IPSec, 
IE security and related technologies, and provide 
practical advice that you can implement in your envi¬ 
ronment right away. 


WINDOWS SERVER & CLIENT 


FAILED SYSVOL REPLICATION CAN 
WREAK HAVOC IN YOUR NETWORK 

RHONDA LAYFIELD 

You spent all that time plugging your security set¬ 
tings into group policies (GPs) and then...the GP fails 
to replicate to all DCs. Some workstations get the GPs 
and some don't. Join Rhonda Layfield, a 27-year vet¬ 
eran in the IT industry, to understand the underlying 
replication engine responsible for ensuring all DCs 


have consistent GPs. That engine is called the File 
Replication Service (FRS) and in the past we had no 
choice-GPs were replicated via the FRS. But Server 
2008 introduces a new replication engine-the first 
ever to make SYSVOL replication more reliable, scala¬ 
ble and manageable-it's called the Distributed File 
System Replication (DFS-R). In this session, you'll get 
a complete understanding of FRS, DFS-R and how to 
migrate your environment from FRS to DFS-R for 
SYSVOL replication. Don't miss this session if Group 
Policy replication is important to you. 

EASING MANAGEMENT AND SECURING 
REMOTE OFFICES WITH WINDOWS 
SERVER 2008 

JOHN SAVILL 

This session will focus on the technologies in 
Windows Server 2008 to help ease management of 
remote offices that reguire infrastructure but typi¬ 
cally don't have local administrators or facilities for 
proper server storage while increasing security for 
the organization. 

Technologies that will be focused on and demon¬ 
strated will include Server Core running ADDS in 
Read-Only Domain Controller mode with BitLocker 
encryption. Demonstrations will include services 
designed to remotely manage a Server Core includ¬ 
ing winRM, how to automate server core deploy¬ 
ment and what exactly a RODC means and a walk¬ 
through of configuring which passwords are kept 
locally on the server with a password hacking tool 
execution showing most user accounts are not 
stored negating many of the problems of having 
unsecured domain controllers out in remote offices. 

ADMINISTRATORS' IDOL: 

THE COOLEST SESSION EVER 

DAN HOLME 

OK, the title got your attention at least, right? So 
here's the scoop. From his work with thousands of 
IT professionals, from the CIOs of Fortune compa¬ 
nies to front-line support professionals at the 
Olympic games with NBC, Dan has amassed a 
wealth of tricks to boost your productivity as an 
administrator. 

In this fast-paced session, Dan will share how to build 
truly amazing administrative toolsets that extend 
your reach, automate tedious tasks, and enable your 
entire IT organization to work smarter, faster, and 
more securely. You'll learn tricks that will amaze not 
only your friends and coworkers, but yourself as well. 
Typically part of a post-conference workshop, we've 
brought this gem into the main event as a fantastic 
way to cap off your Windows Connections experience. 
Don't miss it! 

SERVER CORE: DO YOU CARE? 

DON JONES 

Does Windows Server 2008's Server Core matter to 
you? Should it? Microsoft MVP Don Jones introduces 
you to Server Core, explains what it can do, shows 


you how to configure it, how to manage it, and how 
to maintain it, and-most importantly-helps you 
understand where it fits in your organization. Learn 
what Server Core CAN'T do, and what hurdles you 
may need to overcome if you decide to deploy this 
new, smaller Windows in your environment. 

TIPS YOU ABSOLUTELY MUST KNOW 
FOR PREVENTING AN ACTIVE 
DIRECTORY FAILURE 

GREG SHIELDS 

Is your Active Directory configuration a ticking time 
bomb? Ever wondered if there's something just not 
right that could cause a major disaster? Prevent that 
Resume-Producing Event by attending this fast- 
paced session. We'll go over the overlooked settings 
in your AD that could someday cause a major failure. 
Gleaned from real-world experience through count¬ 
less AD assessments, you'll learn the top Active 
Directory mistakes and how to make them right 
before that bad day arrives. 


SHAREPOINT 


FILE SHARES AND SHAREPOINT: 

AN IT SERVICE CRITICAL ANALYSIS 

JOEL OLESON 

Does you company still have file shares? Is your CIO 
telling you to get rid of those file servers, but don't 
put junk into SharePoint? This session will take both 
a technical and business angle to help you under¬ 
stand and analyze the difficult and often dreaded 
file-share-to-SharePoint migration guestion. 

21ST CENTURY FILE SHARING: 
CONFIGURING AND MANAGING 
DOCUMENT LIBRARIES 

DAN HOLME 

Many organizations are replacing traditional file 
shares with SharePoint document libraries, which 
provide advanced collaborative features. The cre¬ 
ation of a document library is simple enough-what 
comes after that, though, is more nuanced. Join 
SharePoint MVP Dan Holme for an in-depth examina¬ 
tion of document library functionality and configura¬ 
tion. Learn what it takes to make the most of docu¬ 
ment libraries for 21st century collaboration. This 
session goes beyond the basics to uncover solutions 
including: 

• The management of end-user shortcuts to 
freguently used libraries 

• Publishing custom templates for new 
documents in a library 

• Configuring and managing document 
metadata (columns) 

• Exposing and inserting SharePoint metadata 
within Office documents 

• Delegating the Override Check Out permission. 
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• Views versus folders 

• Tips for effective e-mail alerts 

PERFECT THE ART OF 
SHAREPOINT SEARCH 

WENDY HENRY 

Don't let your SharePoint users drift away simply 
because they cannot find what they're looking for. 
Hedge your bet by employing the latest SharePoint 
Search strategies including pre-populated results 
pages, Best Bet results, RSS feeds of Search result 
pages and more! Attend this session for live demon¬ 
strations of advanced Search administration that will 
enhance your users' Search experience. Make sure 
users get to the right information guickly and easily by 
employing the full range of SharePoint Search tools! 

A CLOSE LOOK INSIDE THE 
SHAREPOINT ENGINE 

RANDY WILLIAMS 

SharePoint is built on a number of different products 
and technologies. This session will give you solid 
architectural overview of both the product and its IIS, 
SQL Server and .NET Framework foundations. We'll 
cover IIS Web sites, application pools, configuration 
and content databases, integration with Active 
Directory, code access security, and understanding 
key configuration settings in web.config. And if that 
isn't enough, we'll also unravel the mystery of how 
Web site virtualization and redirection actually works. 

FITTING SHAREPOINT INTO 
YOUR ORGANIZATION'S 
DISASTER RECOVERY PLANS 

RANDY WILLIAMS 

As more content gets stored in SharePoint, its impor¬ 
tance to the organization grows. Is SharePoint part of 
your Disaster Recovery Plan? If it should be, and 
you're not sure where to start, this is the session for 
you. We'll cover numerous scenarios and make sure 
you have the tools and technigues to recover your 
data. Out-of-the-box capabilities and third-party 
solutions will be covered. 

INHERITING SHAREPOINT 

WENDY HENRY 

Anyone who has been handed the keys to an existing 
SharePoint site or implementation knows that get¬ 
ting information about current structure, layouts and 
content is difficult at best. Don't let inaccurate or 
missing information about the environment put your 
management skills behind the eight ball! Join this 
session for live demonstrations of tools that will help 
you investigate and diagram an existing SharePoint 
implementation. Everyone from new administrators 
to seasoned consultants will benefit from learning 
the utilities that make investigating, planning, docu¬ 
menting and auditing SharePoint a breeze! 


PRESCRIPTIVE PLANNING AND DESIGN 
FOR GLOBAL SHAREPOINT DEPLOYMENTS 

JOEL OLESON 

Do you use one big farm or three medium-sized 
ones? Whether it's business reguirements or techni¬ 
cal reguirements, we'll break down the global deploy¬ 
ment challenges and arm you with the right tools and 
information for you to be successful. 

BASIC DEVELOPER KNOWLEDGE THAT 
EVERY SHAREPOINT ADMIN MUST HAVE 

RANDY WILLIAMS 

You may have heard that SharePoint is both a devel¬ 
opment platform and a product. Its flexibility, while 
great for developers, can cause administrator heart¬ 
burn as they try to manage what is becoming a mis¬ 
sion critical application. This session will cover many 
of the must-know concepts such as features, solu¬ 
tions, site definitions and SharePoint scripting. We'll 
also dive a bit deeper into the underpinnings such as 
IIS, and the global assembly cache. This session will 
provide key knowledge that administrators must 
have to effectively manage a SharePoint environ¬ 
ment and be able to communicate with a develop¬ 
ment team. 

SUPPORTING SHAREPOINT DATABASES 
IN SQL SERVER 2008 

WENDY HENRY 

Protect your SharePoint investment by protecting 
the storage facility underneath: SQL Server! This ses¬ 
sion offers live demonstrations of monitoring and 
maintenance Best Practices for SQL Server 2008 spe¬ 
cific to SharePoint databases. Got a small to medium 
SharePoint implementation? Learn how to wrangle 
the Windows Internal Database that installed guietly 
during your SharePoint installation procedure. 
Dealing with Enterprise-sized SharePoint? Dive into 
SQL Server 2008 features that extend and secure 
your SharePoint databases. Don't let your SharePoint 
go down with a sinking SQL ship...learn how to best 
maintain SQL Server and keep SharePoint afloat! 


OS AND APPLICATION 
DEPLOYMENT 


WINDOWS DEPLOYMENT SERVICE 
(MICROSOFT'S NEW RIS): WHY IT'S 
WORTH THE LOOK! 

RHONDA LAYFIELD 

Microsoft's new deployment tools RQCK and they're 
free! If you remember Microsoft's first attempt at a 
deployment tool-Remote Installation Service (RIS), 
you might be tempted to overlook the new RIS or 
Windows Deployment Service or WDS-BUT DQN'T. 
WDS is more user friendly, flexible and powerful than 
RIS ever dreamed of being. There is now a user inter¬ 
face and configuration settings that will affect 
deployment methods and your network. Qne of the 
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biggest complaints in getting started with WDS is 
"there is too much documentation" you don't know 
where to start. Join Rhonda Layfield who is one 
of seven Deployment MVPs in the U.S. and who has 
been working with WDS for almost two years. She will 
share her crib notes with you to get you up and run¬ 
ning in no time! When you leave this session you will 
be armed with knowledge, understanding and step- 
by-step guides so you can get WDS configured, auto¬ 
mated, multicast transmissions created and moni¬ 
tored and know how to troubleshoot WDS the day you 
get back to work. 

CREATE YOUR OWN UNATTEND ANSWER 
FILES FOR VISTA AND SERVER 2008 USING 
WINDOWS SYSTEM IMAGE MANAGER (WSIM) 

RHONDA LAYFIELD 

In the past we used Microsoft's Setup Manager to 
create automated unattended answer files for 
deploying XP and Server 2003. But there is a new 
tool in town and it is awesome. It's called Windows 
System Image Manager and is more robust than 
Setup Manager ever dreamed of being. But there is a 
learning curve to it. If you have ever launched this 
tool and couldn't figure out where to start, let 
Rhonda Layfield, who is one of 17 Deployment MVPs 
in the world, show you how to guickly and easily cre¬ 
ate automated unattended answer files that can be 
used to install Vista or Server 2008 from DVD or an 
image stored on a WDS server. Learn about configu¬ 
ration passes: what they are and how you can make 
them work for you. Lots of demos and step-by-steps 
to get you started immediately. 


VIRTUALIZATION 


HYPER-V, WITHOUT THE HYPE: 
PERSPECTIVE AND PERFORMANCE 

MARK MINASI 

Microsoft says that Windows Server's Hyper-V Server 
offers an enterprise-level base for virtual servers... 
but does it? In this entertaining, cut-to-the-chase 
look at Hyper-V, industry veteran Mark Minasi (who 
built HIS first virtual machine on an IBM mainframe 
running VM in 1982) explains how a few technological 
changes coupled with some clever ideas led 
Microsoft to release a virtual machine manager for 
just $28. What can (and can't) Hyper-V do? What does 
it do and how does it do it? What operating systems 
can it run, and which can't it? Join Mark to learn how 
a grudge match between AMD and Intel made it all 
possible... and how you'll benefit. 

VIRTUALIZATION, THE MICROSOFT WAY 

JOHN SAVILL 

In this session we will look at all the technologies to 
facilitate virtualization in your organization and the 
technical and business benefits. Key technologies 
explored deal with server virtualization using Hyper- 
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V (including Clustering Hyper-V), presentation virtu¬ 
alization using new Windows Server 2008 terminal 
services capabilities, application virtualization using 
Softgrid and Kidaro technologies. We will look at put¬ 
ting all these technologies together for a Virtual 
Desktop Infrastructure (VDI) and how solutions such 
as the Microsoft Assessment and Planning Toolkit 
help us get a grasp on the benefits virtualization can 
bring to our organizations. 

ESX AND HYPER-V COMPARISON 

ALAN SUGANO 

Microsoft's own hypervisor, Hyper-V, was released 
with Windows Server 2008. It is designed to complete 
directly against VMware's ESX server. How do the two 
products compare? We'll consider price, perform¬ 
ance, hardware reguirements, high availability, man¬ 
agement and other features in the comparison 
shootout. If you're evaluating virtualization plat¬ 
forms, make sure to attend this session to assist in 
your decision making process. 

ALL ABOUT MICROSOFT APP-V (SOFTGRID) 

JEREMY MOSKOWITZ 
Microsoft's made a big investment in "application 
virtualization." Are you? What was once known as 
SoftGrid is now known as Microsoft Application 
Virtualization, or App-V for short. And it's here to 
solve a big problem. It prevents application con¬ 
flicts and ends DLL hell. It streamlines application 
deployment and enables a whole new way of man¬ 
aging applications. It works by "wrapping up" your 
existing software into "seguences," and then put¬ 
ting them into a virtual sandbox. The upshot? Your 
applications aren't running "on" Windows. They're 
running within the sandbox. So, no more desktop 
deterioration. Oh, and learn how to use your exist¬ 
ing management tool (like Group Policy, LANDesk, 
or SCCM 2007) to deploy SoftGrid applications to 
your existing desktops and servers. App-V is a big 
place, but come to this session to make sure you 
know the ins and outs before you get it in your 
organization! 


NETWORK & STORAGE 
INFRASTRUCTURE 


EVERYTHING YOU WANTED TO KNOW 
ABOUT STORAGE, BUT WERE AFRAID 
TO ASK 

ALAN SUGANO 

If you're like most companies, you are probably run¬ 
ning low on disk space as storage-hungry applica¬ 
tions eat up disk space like contestants in a pie eat¬ 
ing contest. But what's the best solution for your 
company? With the advent of newer drive interface 
technologies like Serial Attached SCSI (SAS) and 
Serial ATA (SATA) there is a lot more to choose from 
when selecting a storage solution. This session will 
cover the storage basics of locally attached storage, 
network attached storage (NAS), just a bunch of disks 
(JBODs) and storage area networks (SANs), what they 
are, where they are typically used, and how they fit 
into a comprehensive storage strategy for your com¬ 
pany. We'll also look at the enhancements to Windows 
Storage Server (WSS) that are scheduled to be 
released with Windows Server 2008. 

SQL SERVER FOR RELUCTANT 
WINDOWS ADMINS 

DON JONES 

Are you "Jack of All Tech" in your organization? Are 
you forced to deal with one or more SQL Server 
installations that support custom apps or other busi¬ 
ness needs? Let Don Jones, a self-professed "JoAT" 
himself, show you JUST what you need to know about 
SQL Server administration to be effective-without 
changing your job title to DBA. Learn how SQL Server 
works, how to install it and keep it patched, where its 
security vulnerabilities lie, how to perform basic 
backup and restore operations, how to move a data¬ 
base to a new server, and other key tasks. 


BRINGING CLUSTERING TO THE MASSES 
WITH WINDOWS SERVER 2008 

JOHN SAVILL 

Windows Server 2008 made great technical improve¬ 
ments to Failover Clustering in Windows Server 2008. 
Enhancements included new SCSI-3 storage commu¬ 
nication removing the hated "SCSI Bus reset", a 
brand new guorum model removing dependence on 
components that could be a single point of failure 
and most of all an interface that makes validating an 
infrastructure for cluster support, deploying a clus¬ 
ter, and managing a cluster a far more intuitive expe¬ 
rience. The end result is to finally bring clustering as 
a viable option for mortals to use and manage. This 
session will look at the ways clustering can be 
deployed including new IP and geographically dis¬ 
persed options, supported configurations via the new 
validation tool and the death of the cluster hardware 
certification, supported storage, aka RIP parallel 
SCSI, guorum options including witness disk and file 
share witness and most of all the improved interface 
allowing administrators to concentrate on making 
services and applications highly available and less 
about the underlying cluster structure. 

IPV6 FOR THE RELUCTANT: WHAT TO 
KNOW BEFORE YOU TURN OFF V6 (AND 
WHY IT MIGHT GET YOU FIRED) 

MARK MINASI 

Vista has arrived. Windows Server 2008 has arrived. 
And with them they bring...lPv6. Your first reaction 
when you see an IPv6 address like 
"fe80::5efe:10.50.50.112'' might be: "Hmmm... that's a 
lotta colons, and I KNOW what comes out of colons!" 
But is that the RIGHT reaction? Join veteran Windows 
explainer Mark Minasi in a look at the latest version 
of IPv6... and whether you'll want to leave it on or 
turn it off. In this whirlwind tour, Mark explains the 
motivation for IPv6 and the technologies behind its 
implementation (which saves you from having to 
read 30 RFCs), and then focuses on the specifics of 
the Microsoft in-the-box IPv6 stack. In the process 
you may just decide that IPv6 is pretty nifty, after all! 
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IT MANAGEMENT 
CONNECTIONS 


IT CRYSTAL BALL: IT STRATEGY, 

ROADMAP AND MICROSOFT DIRECTIONS 
PANEL: DAN HOLME, 

ALAN SUGANO, DON JONES 
Join a panel of industry gurus including Dan Holme, 
Don Jones and Alan Sugano for a detailed look at 
trends, directions, and Microsoft's technology 
roadmap. Discover how to align these technologies to 
support your IT strategies, and buid a blueprint for IT 
initiatives that save money, reduce waste, increase 
productivity, and deliver business value. The session 
will explore Windows 7, Windows Server 2008, Windows 
Vista, Office and SharePoint 2007 and 2010, as well as 
server, desktop and application virtualization. 

RISKY BUSINESS: WHAT YOU'RE NOT 
DOING WITH ACTIVE DIRECTORY CAN 
HURT YOU 

PANEL: DAN HOLME, 

OTHER PANELISTS TBA 
Active Directory is a fundamental component of any 
Windows enterprise, and yet few organizations are 
implementing Active Directory in ways that deliver 
real business value. Join Active Directory consultant 
Dan Holme, along with experts including Jeremy 
Moskowitz, Darren Mar-Elia and Greg Shields, for a 
frank discussion of gaps in Active Directory, in the 
administrative toolsets, in security models, and in 
process. Learn how to lead your organization to a 
more secure, compliant, automated, consistent and 
value-laden implementation of Active Directory. 
Whether you want to "lock down" administration, 
streamline configuration, improve asset manage¬ 
ment, or facilitate compliance auditing, this session 
will set you up for success. 


WHAT DOES COMPLIANCE MEAN TO YOU? 
PANEL: DON JONES, 

OTHER PANELISTS TBA 
HIPAA, SOX, GLB, PCI DSS-pick an acronym from 
today's batch of industry and regulatory reguire- 
ments and you've got "compliance." But what does all 
the legal language mean to an IT pro? What exactly 
do you need to do to your environment to "be com¬ 
pliant?" Can Windows help you do it-or are you going 
to run across missing features and capabilities? Don 
Jones, author of numerous books and papers on IT 
compliance, frankly addresses these guestions, guid¬ 
ing you through the commonalities of the major com¬ 
pliance reguirements and explaining what Windows 
out-of-the-box can-and can't-do for you, and what 
capabilities you'll need to add to become (and 
remain) truly compliant 

WHAT KEEPS CIOS AWAKE AT NIGHT? 
PANEL: PANELISTS TBA 
Ever wonder what keeps other IT executives up at 
night, or makes them awaken in a cold sweat? Our 
industry experts don their "counselor" hats and facil¬ 
itate a group therapy session for execs. More than 
"Kumbaya" and group hugs, this is an opportunity to 
share your concerns and discover what your peers 
are doing to address them. 

ACHIEVING SYSTEMS MANAGEMENT 
EXCELLENCE IN HETEROGENEOUS 
DATA CENTERS 

PANEL: DARREN MAR-ELIA, 

OTHER PANELISTS TBA 
In this session, we'll focus on technologies and tech- 
nigues for better managing Windows and Linux serv¬ 
er systems in data center environments. We'll look at 
technologies for cross-platform automation, configu¬ 
ration management and monitoring and examine 
systems management standards that are facilitating 
heterogeneous management. We'll also examine 
third-party products that enhance heterogeneous 
systems management. 


WHAT THE OWNERS MANUAL WON'T TELL 
YOU... WHY DO SHAREPOINT DEPLOYMENTS 
FAIL AND WHAT IS GOVERNANCE? 

PANEL: JOEL OLESON, 

OTHER PANELISTS TBA 
The SharePoint TechNet planning guides are over 
1000 printed pages and there are hundreds of blogs 
with often conflicting ideas. Why do SharePoint 
deployments fail? What are the things you MUST do 
to have a successful deployment? This session will 
explore failed deployments to help you architect 
SharePoint Governance and solutions with the true 
building blocks for success. 

SOFTWARE AS A SERVICE/HOSTED 
APPLICATIONS (OUTSOURCING) 

PANEL: ALAN SUGANO, 

OTHER PANELISTS TBA 
Hosted applications is a trend that has a lot of IT Pros 
worried or at least concerned. With even Microsoft 
getting into the Software as a Service (SaaS) model, 
will everyone end up working for the computing 
cloud in the sky? Are our jobs coming to end as we 
know it? This session will discuss the advantages and 
disadvantages of SaaS. In some respects SaaS may 
be a blessing in disguise allowing IT Pros to focus on 
more strategic efforts that can really make a differ¬ 
ence in a company's success. 

We'll examine how companies fit SaaS into their cor¬ 
porate structure, and how SaaS may or may not fit 
into your company' strategic IT plans. Is there really 
a cost savings with SaaS? We'll discuss tips on how to 
get the best results from SaaS and investigate other 
possible ways of using SaaS for disaster recovery, 
testing and high availability. 
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EXCHANGE SERVER 2007 CAS\HUB 
DEPLOYMENT, SCALING AND TESTING 

MICROSOFT 

EXCHANGE SERVER 2007 SP1 AND 
HYPER-V 

MICROSOFT 

MIGRATING TO EXCHANGE SERVER 2007 

MICROSOFT 

ADVANCED TROUBLESHOOTING 
STRATEGIES FOR EXCHANGE 
SERVER 2007 

MICROSOFT 

HIGH AVAILABILITY IN EXCHANGE 2007 
SP1 - PART 1 - CONTINUOUS 
REPLICATION AND FAILOVER CLUSTERS 

MICROSOFT 

HIGH AVAILABILITY IN EXCHANGE 2007 
SP1 - PART 2 - DISASTER RECOVERY 
AND SITE RESILIENCE 

MICROSOFT 

WHO NEEDS A GUI FOR EXCHANGE? 
SCRIPT IT! 

MICROSOFT 

USING EXCHANGE SERVER 2007 FOR 
VOICEMAIL (AND INTEGRATION WITH 
OCS 2007) 

MICROSOFT 

WHAT'S NEW IN OCS 2007 R2? 

MICROSOFT 

WHAT'S NEW IN CONFERENCING WITH 
OCS 2007 R2? 

MICROSOFT 



WHAT'S NEW IN MOBILITY AND WEB 
ACCESS WITH OCS 2007 R2? 

MICROSOFT 


PLANNING AND DEPLOYING GROUP CHAT 
WITH OCS 2007 R2 

MICROSOFT 


Please Visit Web site for 
Microsoft Day Session 
Abstracts! 


SPEAKERS AND SESSIONS ARE SUBJECT TO CHANGE. PLEASE SEE WEB SITE FOR UPDATES. WWW.WINCONNECTIONS.COM 
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CONFERENCE SESSIONS 


DEPLOYING EXCHANGE 2007 WITH 
WINDOWS 2008 HYPER-V 

RICHARD CHRISTOPHER 
We'll walk through the options available and abili¬ 
ty to consolidate Exchange 2007 deployments 
using Microsoft Windows 2008 virtualization tech¬ 
nology. This session will look at the Exchange 
roles and deployment scenarios that are 'best fit' 
for virtualization and consolidation. Elements of 
an Exchange 2007 Hyper-V design will include the 
requirements around High Availability and 
Disaster Recovery and also any impact to per¬ 
formance and service degradation. 

TRANSITIONING TO EXCHANGE 2007 
USING THIRD-PARTY PRODUCTS 

RICHARD CHRISTOPHER 
This will cover inter-org-type deployments, where 
customers wish to transition directly either from 
legacy Exchange 5.5 to Exchange 2007 or from 
Exchange 2000/2003 to Exchange 2007. The ses¬ 
sion will look at the Quest and Priasoft tools to 
manage the transition and coexistence to 
Exchange 2007 and highlight any pitfalls and risks 
during the migration. 

COMPLIANCE IN EXCHANGE 

KIERAN MCCORRY 
This session will cover compliance features in 
Microsoft Exchange. Check online for a more 
detailed description closer to the date of the con¬ 
ference. 

SNEAK PREVIEW OF EXCHANGE 

KIERAN MCCORRY 
By the time Exchange Connections Spring 2009 
rolls around, Microsoft may have started talking 
about some of the new functionality available in 
the next version of Exchange. We'll talk about 
some of that functionality here. Check online for a 
more detailed description closer to the date of the 
conference. 

EXCHANGE 2007 UNIFIED MESSAGING 
PLANNING AND BEST PRACTICES 

KARL ROBINSON 

This session discusses the inner workings of the 
Unified Messaging role and the best practices for 
deployment including the details of performance 
testing and analysis. 

EXCHANGE SERVER 2007 
STORAGE SOLUTIONS 

KARL ROBINSON 

The Exchange Server 2007 mailbox role can be 
deployed successfully on a variety of storage plat¬ 
forms ranging from Eibre Channel or iSCSI SANs to 
direct attached storage (DAS) deployments. Serial 


Attached SCSI (SAS) and small form factor (SEE) 
disk technology have added to the options avail¬ 
able for Exchange storage solutions. This session 
discusses a range of storage solutions to meet your 
business needs. 

EXCHANGE 2007 SP1 SIZING AND 
PERFORMANCE: NAVIGATING THE 64- 
BIT WATERS 

STEVE TRAMACK 

To achieve the design goals associated with 
Exchange 2007, many of which were hampered 
architecturally by Exchange 2003's 32-bit glass 
ceiling, the move to an x64 architecture was nec¬ 
essary. This session delves into the specific areas 
of performance and scalability improvement 
associated with Exchange 2007, addresses new 
considerations in planning and sizing the various 
roles and features (including the various replica¬ 
tion schemes), and addresses the impact of spe¬ 
cific hardware technologies on an Exchange 
deployment. 

HOW TO CONSOLIDATE OVER A QUARTER 
OF A MILLION MAILBOXES WITH 
EXCHANGE 2007 

MIKE IRELAND 

Hear about real-life experiences in consolidating 
with Exchange 2007 and how such an exercise 
can better prepare you for future mergers and 
acquisitions. 

OCS 2007 R2 FROM POWERPOINT 
TO REALITY 

DENNIS LUNDTOFT THOMSEN 
So you have seen all the nice presentations and 
demos from Microsoft on Unified Communications 
and bought the ideal? As you probably guessed, it 
usually is a tad more complex than the marketing 
slides try to convince you of, so in this session I 
will give you the tricks for implementing OCS 2007 
R2 in your organization successfully. After this 
session you will know where to focus your atten¬ 
tion before, during, and after your deployment 
project, including advice on where to focus your 
attention in terms of the organizational imple¬ 
mentation. 

WHAT DOES IT TAKE TO VOICE-ENABLE 
YOUR OCS 2007 R2 DEPLOYMENT? 

DENNIS LUNDTOFT THOMSEN 
How do you provide OCS 2007 R2 and Exchange 
with its own voice? This session will focus on all 
the voice capabilities of OCS and Exchange. We'll 
discuss the possible scenarios and how to enable 
them in your environment. This will include 
detailed discussions on the actual capabilities of 
the different solutions and based on experience 
from real-life deployment the efforts required to 


implement and maintain the different voice sce¬ 
narios ranging from a pure standalone Enterprise 
Voice scenario to a full PBX and UM integrated 
dual forking scenario. 

TIPS AND TRICKS FOR MAXIMIZING 
YOUR INVESTMENT IN UNIFIED 
COMMUNICATIONS 

DENNIS LUNDTOFT THOMSEN 
So you have OCS 2007 R2 and/or Exchange 2007 
implemented in your organization and you are 
starting to realize your investment by using pres¬ 
ence, click-to-dial, one Unified Messaging inbox 
etc., but maybe you want even more ROI on your 
investment? In this session we will do a lap around 
the platform and look under the hood for develop¬ 
ers. We will look at and demonstrate how to inte¬ 
grate business processes with Exchange 2007 SP1 
Web services, how to build services that manage 
communications, and also take a look at Windows 
Workflows that talk and IM. 

WHEN PERFORMANCE IS A PROBLEM, 

IT'S GOOD TO HAVE A PAL AROUND 

WILLIAM LEFKOVICS 
Not every company can or wants to deploy SCOM 
(formerly MOM) to manage and monitor their serv¬ 
er deployments. Windows comes with a basic tool 
called, or at least known as. Performance Monitor. 
Exchange 2007 Server adds a plethora of perfmon 
counters for each role. Our PAL, Microsoft's free 
Performance Analyzer tool, will help us create 
charts (in HTML-managers love charts) for man¬ 
agement and monitoring from perfmon logs of 
key Exchange counters. We will walk through the 
requirements (Office Web components. Log Parser, 
Codeplex) and configuration (XML config files) to 
produce a simple monitoring solution. 

EXCHANGE SERVER 2007 SECURITY 
BEST PRACTICES 

WILLIAM LEFKOVICS 
Is Exchange 2007 really secure out of the box? Not 
necessarily. We will look at all the steps you 
should take to secure a default installation of 
Exchange 2007 and what tools are available to 
confirm or enforce that configuration, specific to 
each role. We will discuss Microsoft Update, anti¬ 
spam updates, the Best Practices Analyzer, and 
the Security Configuration Wizard (Exchange tem¬ 
plates). We'll give consideration to IIS and 
Windows, including the Microsoft Baseline 
Security Analyzer (MBSA). We'll discuss anti-virus, 
anti-malware, anti-spam and Auntie Em. 
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TOOLS, TOOLS, TOOLS! NO, NOT USERS. 
THE EXCHANGE 2007 MANAGEMENT 
TOOLBOX 

WILLIAM LEFKOVICS 
The Exchange Management Console in Exchange 
2007 has a section dedicated to tools. It seems, 
Exchange Server itself needs a little help once and 
a while. We will review the tools in the EMC covering 
what they do, when to use them and even when not 
to. This overview includes: Best Practices Analyzer, 
Mail Elow Troubleshooter, Queue Viewer, Message 
Tracking, Database Troubleshooter. 

EXCHANGE MESSAGING RECORDS 
MANAGEMENT 

MICHAEL B. SMITH 

In this session we will discuss how to use the MRM 
features of Exchange 2007 to provide the features 
that were present in Exchange 2003 Mailbox 
Manager for the deletion of old e-mail. We will be 
using the Default Eolders capabilities so that an 
Exchange Standard CAL is sufficient. 

EXCHANGE HIGH-AVAILABILITY WITH 
WINDOWS LOAD BALANCING SERVICES 

MICHAEL B. SMITH 

With all the new features available for HA with 
mailbox servers (CCR, SCR, LCR, etc.) many people 
overlook the HA features present for HT and CAS. 
In this session we will discuss how to provide HA 


services for CAS, HT, and CAS/HT servers, using 
both the built-in features of Exchange Server 2007 
and WLBS. 

EXCHANGE 2007 MONITORING WITH 
OPSMGR 2007 

MICHAEL B. SMITH 

Exchange 2007 does not stand alone. It is an appli¬ 
cation that depends on other infrastructure for it to 
work properly including Active Directory, DNS, 
Windows Server, etc. In this session, we will discuss 
configuring monitoring and health for all facets of 
an Exchange eco-system, basing health and moni¬ 
toring on OpsMgr 2007. 

TURBO-CHARGED MISSION CRITICAL 
EXCHANGE DESIGN & ARCHITECTURE 

FRANK WRUBEL AND 
MARC SUGARMAN 
In this session, we will discuss work that has been 
done to test the limits of Microsoft Exchange Server 
2007 using various consolidation methodologies 
and virtualization technologies, with a particular 
emphasis on bottom line results/savings. The 
objective of this effort has been to increase the uti¬ 
lization of large-scale, enterprise-class e-mail envi¬ 
ronment assets and to reduce the cost to organiza¬ 
tions while increasing the security, resilience, and 
responsiveness to changing end-user and organiza¬ 
tional needs. Detailed architectures and best prac¬ 
tices will be reviewed. 


Vc/^ex ... 

We hope to offer a series of 
sessions by our expert speakers 
about other topics related to 
the main subject matter of this 
conference, but we cannot 
discuss the details now. 

Wisit the conference Web site 
right before the show when we 
hope to make this information 
availabie. 


SPEAKERS AND SESSIONS ARE SUBJECT TO CHANGE. PLEASE SEE WEB SITE FOR UPDATES. WWW.WINCONNECTIONS.COM 



12 Register Today! • 800-505-1201 • 203-268-3204 













GREEN IT 

(CONNECTIO N~S) 

CONFERENCE SESSIONS 


DATA CENTER BEST PRACTICES 

MICROSOFT 
See website for abstract. 

VIRTUALIZATION-CONSOLIDATE SERVERS, 
REDUCE ENERGY 

MICROSOFT 
See website for abstract. 

UNIFIED COMMUNICATIONS-REDUCE 
TRAVEL, INCREASE PRODUCTIVITY, 

REDUCE EMISSIONS 

MICROSOFT 
See website for abstract. 

MS IT SHOWCASE-WHAT MICROSOFT IS 
DOING IN IT TO REDUCE THEIR ENVIRON¬ 
MENTAL FOOTPRINT 

MICROSOFT 
See website for abstract. 

WHAT GREEN MEANS TO IT PROFESSIONALS 
AND WHY YOU SHOULD CARE 

KATHY MALONE 

According to Environmental Protection Agency (EPA) 
guidelines, the highest form of pollution prevention is 
to not create it in the first place (it is not, as one might 
think, to manage it well). Similarly, architects and 
developers are the ones who can optimize their solu¬ 
tions to reduce both the CPU used and the number 
of bits and bytes sent to thedata center, which are two 
of the main factors determining the size of the data 
center and the amount of energy used for local pro¬ 
cessing. So while it is useful for the data center to 
operate as efficiently as possible, activities conduct¬ 
ed by architects and developers have an egually 
important role to play in Green. This session covers 
the 7 challenges for architects and developers (pat¬ 
terns). You'll learn how to start collecting business 
cases and the metrics for Green IT along with solu¬ 
tions that address Green challenges. 

GREEN ACROSS THE SUPPLY CHAIN: A 
GLOBAL PERFECT STORM IS BREWING FOR 
CHEMICALS. WILL YOU RIDE THE WAVE OR 
BE WASHED AWAY BY IT? 

KATHY MALONE 

Although transactions ordinarily move smoothly 
across the electronic supply, data associated with 
chemicals traveling that same supply chain typical¬ 
ly follow a rockier and more manual road. 
Historically, legally reguired information was con¬ 
tained in Material Safety Data Sheets (MSDS). 
However, new global regulations are changing the 
information suppliers must provide and that must 
be available to all employees. Just as we have awe¬ 
some tools to improve this workflow, the reguire- 
ments are changing. US Department of Homeland 
Security chemical screening reguirements took 
effect January 2008, which changes the aggrega¬ 
tion reguirements around chemicals. The Global 


Harmonization Standard was implemented by 
Japan in June 2007, and will reach North America 
around 2010-2012. The European REACH regulations 
are in the process of being implemented. Timelines 
are short, and these initiatives may land in the lap 
of your IT department for immediate implementa¬ 
tion if your company produces, distributes or uses 
any chemicals. This session will prepare you with an 
overview of the new reguirements and how improv¬ 
ing the workflow around this activity gives you two 
times the green: it makes your process more effi¬ 
cient (which is more green), and has you better 
managing the chemicals in an environmentally 
responsible manner. 

GREENING YOUR BUSINESS CASE AND 
YOUR CORPORATE CULTURE: USING GREEN 
TO SUPPORT YOUR PROJECTS 

KATHY MALONE 

Until Green metrics become part of all IT activities 
from the gleam in the future user's eye through 
maintenance activities after successful deploy¬ 
ment, and become part of every bid specification 
and RFQ, the mindset around building Green and 
Sustainable will not change. Green needs to be an 
end-to-end consideration in the same way security 
is built in now. Back in the mid-80's contractors 
were forced to implement bar-coding and chemical 
tracking during construction of an automotive 
assembly plant by including it as a reguirement in 
the bid specification. Similarly, including the 
reguirements for Green metrics as part of the pro¬ 
curement process will cause all bidders to address 
the guestion, and start building the knowledge base 
around these activities. In-house, review of process¬ 
es from a Green prospective early in the design 
activity may soon be reguired of us. Within manu¬ 
facturing and other industry segments, this consid¬ 
eration is already reguired to some extent for 
chemicals. You'll learn about the tools available and 
how to use them to best manage these activities to 
introduce Green responsibility in your organization. 

GREENHOUSE GAS FOOTPRINTING 

CAROL DOLLARD 

Five greenhouse gases are organized into three 
scopes and a standardized calculation based primari¬ 
ly on the scientific makeup of these chemicals. The 
resulting number is often called the "carbon foot¬ 
print". Learn how to calculate the carbon footprint, 
particularly the carbon footprint of your IT organiza¬ 
tion. You may have heard of carbon offsets. Learn 
what this accounting agreement means and more 
about the upcoming legislation regarding carbon 
credits and offsetting. You'll leave this session with an 
understanding of what your carbon footprint means 
and how to reduce it. 

ENERGY OF IT 

CAROL DOLLARD 

IT runs on eguipment that runs on energy. Take a 
guick look back at the energy shifts of moving from 
mainframes to today's networks and look forward 
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to the impact of energy on your organization's bot¬ 
tom line. Explore energy efficiency and options for 
reducing your overall energy consumption. You'll 
see how to calculate energy payback to ensure you 
consider energy lifecycle costs as you make IT 
investments. Even if you aren't able to make signif¬ 
icant hardware changes to improve efficiency, you 
can reduce your energy costs through conservation 
and you'll get materials to help you publicize ener¬ 
gy efficiency such as differences between Sleep, 
Hibernate and Off and the impact of various energy 
settings to reduce the individual energy load of 
each piece of your infrastructure. 

E-WASTE AND LIFECYCLE 

CAROL DOLLARD 

The short lifecycle of IT and consumer electronics cre¬ 
ates a significant and growing waste stream. The 
hardware in your IT infrastructure includes materials 
that potentially harm the environment-including lead 
in CRT monitors, mercury in LCD monitors, cadmium in 
batteries, and bromide-based flame retardants. Your 
organization has long-term legal responsibility for 
your waste stream and in the US, two sets of federal 
regulations apply. Get an overview of these regula¬ 
tions, understand why some items in your infrastruc¬ 
ture meet the legal description of a hazardous waste 
and learn what accounting you need on these compo¬ 
nents as you dispose of them. You'll also learn a little 
about an ugly side of recycling where a significant 
portion of the recycling stream is shipped overseas. 
You'll leave this session with a better understanding 
of your e-waste stream and how to reduce it. 

TELECOMMUTING 

CAROL DOLLARD 

Workers in your organization spend an amazing 
amount of time in their vehicles. Based on data in 
the 2000 census, the average commute nationwide 
is 25 minutes, or nearly 500 hours per year. Add to 
that the massive environmental and guality-of-life 
issues associated with commutes and telecommut¬ 
ing becomes an attractive alternative. In many 
cases, it also allows you to hire expertise that is not 
available within commuting distance. So, if telecom¬ 
muting is so great, why aren't we all doing it? This 
session looks at some of the challenges and bene¬ 
fits of telecommuting for information workers and 
developers. It will include an open floor segment so 
you can hear the successes and failures of other 
organization and hone in on the types of workers 
you want to remotely support. 
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minimum stay) , 
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ASP.NET 
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MARCH 22-25, 2009 

ORLANDO, FL • JW MARRIOH & THE RITZ CARLTON 

The cutting-edge event for developers and DBAs 


Register 

J by Jan 12th ^ 
and receive a 
FREE night at 
JW Marriott. 


^^The first 500 people to register will be mailed SQL Server 2008 standard with one CAL 
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Connect to Microsoft architects and industry experts 
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SPEAKERS 


A SAMPLING OF SPEAKERS & MICROSOFT EXPERTS 


SPEAKERS ARE SUBJECT TO CHANGE. SEE WEB SITE FOR UPDATES AND BIOS. 



FRANCOIS AJENSTAT 

MICROSOFT 



DAN HOLME 

INTELLIEM 

WINDOWS CONNECTIONS 
CONFERENCE CHAIRPERSON 



DENNIS LUNDTOFT 
THOMSEN 



LEE BENJAMIN 




SEAN DEUBY 

ADVAIYA INC. 



DON JONES 

CONCENTRATED TECHNOLOGY 



CAROL DOLLARD 

COLORADO STATE 
UNIVERSITY 



RUSS KAUFMANN 

MINDSHARP 





DARREN MAR-ELIA 

SDM SOFTWARE, INC. 


JOEL OLESON 


KATHY MALONE 

MANGUARD SYSTEMS, INC. 



JEREMY 

MOSKOWITZ 

MOSKOWITZ, INC. 




STEVE RILEY 

MICROSOFT 


PAUL ROBICHAUX 

3 SHARP, 

MICROSOFT EXCHANGE 
CONNECTIONS 
CONFERENCE CO-CHAIR 




RICHARD 

CHRISTOPHER 

HP 



RHONDA LAYFIELD 

CONSULTANT/TRAINER 



THOMAS FOREMAN 

WADEWARE 



WILLIAM LEFKOVICS 

MOJAVE MEDIA GROUP, LLC 



KIERAN MCCORRY 

HP 

MICROSOFT EXCHANGE 
CONNECTIONS 
CONFERENCE CO-CHAIR 



GREG SHIELDS 

CONCENTRATED 

TECHNOLOGY 



MARK MINASI 

MR&D 




ALAN SUGANO 

ADS CONSULTING 


MARC SUGARMAN 

UNISYS 


STEVE TRAMACK 

HP 


RANDY WILLIAMS 

SYNERGY CORPORATE 
TECHNOLOGIE 


FRANK WRUBEL 

UNISYS 






ADDITIONAL SPEAKERS INCLUDE: 

WENDY HENRY sharepoint-elearning.com • KARL ROBINSON 

... 

March 15-18, 2009 • Orlando.FL * www.WinConnections.com 15 









PRE-CONFERENCE WORKSHOPS 


SATURDAY, MARCH 14 

FULL DAY PRE-PRE-CONFERENCE • 9:00AM-4:00PM 

EXTREME ADMINISTRATIVE MAKEOVER: 

BUILDING A MORE PERFECT ENTERPRISE 

DAN HOLME 

Increase security. Improve manageability. Ensure compliance. Lower risk. Oh, 
and do it all with half the budget of last year. Does this sound like your man¬ 
date? Then this full-day preconference workshop is for you! Join one of the 
industry's leading Microsoft technologies consultants, Dan Holme, for a deep 
dive into solutions that address common IT administration pain points. Learn 
to streamline, automate, and secure your adminsitrative practices and tricks to 
improve the administration and configuration of users, computers, and Active 
Directory as a whole. Solutions in this session include: 

• Implementing least privilege for Active Directory administration: 
advanced administrative delegation. 

• Assigning computers to users, tracking user logon and computer 
location. 

• Role-based access control and role-based management: ensuring 
security and audit trail. 

• Tricks to improve application deployment, regardless of your 
deployment and management tools. 

• Managing user data and settings: beyond profiles and redirected 
folders. 

FULL DAY PRE-PRE-CONFERENCE • 9:00AM-4:00PM 

TRANSITIONING TO EXCHANGE SERVER 2007 WORKSHOP: 

THE UPGRADE PATH IS CLEAR. Bring your own laptop, 

LEE BENJAMIN 

While Exchange Server 2003 is a great email platform. Exchange Server 2007 is 
better and it's time to upgrade. Spend a day listening to lecture and working 
through labs that transition an Exchange Server 2003 organization to 
Exchange Server 2007. With a new architecture and many new features, the 
process of implementing Exchange Server 2007 must be carefully planned and 
executed. In this workshop you will get valuable guidance and best practices 
for transitioning to Exchange 2007 as well as hands-on experience. 

NOTE: The laptop you bring MUST have at least 2GB of memory, 20GB free disk 
space, and dual layer DVD drive. 

SUNDAY, MARCH 15 

FULL DAY PRE-CONFERENCE • 9:00AM-4:00PM 

SHAREPOINT JUMP START: REIMAGINING COLLABORATION 

DAN HOLME 

If you are new to SharePoint, or are trying to wrap your head around the mas¬ 
sive potential of this powerful platform, you'll be the hero of your enterprise 
when you bring back the solutions you discover in this fast-paced, full-day pre¬ 
conference workshop. Dan Holme, a Microsoft MVP for SharePoint, will dive 
deep into the configuration, customization, and management of SharePoint 
collaboration. You'll learn to build SharePoint solutions that address common 
enterprise challenges, and you'll be amazed just how much you can do with 
Windows SharePoint Services (WSS) without having to pay for Microsoft Office 
SharePoint Server (MOSS). Topics include: 


• SharePoint Administration Jump-Start: What you need to know to 
administer SharePoint effectively, in 90 minutes or less. 

• How to use SharePoint document libraries as a replacement for 
traditional file shares. 

• Driving effective collaboration and end-user adoption with Microsoft 
Office 2007 applications as SharePoint clients. 

• How to build "Business Intelligence Lite", no-code, and low-code 
SharePoint solutions using Office 2007 and SharePoint Designer. 

FULL DAY PRE-CONFERENCE • 9:00AM-4:00PM 

MAKING EXCHANGE SERVER 2007 HIGHLY AVAILABLE 

RUSS KAUFMANN 

This all day session will cover the installation and configuration of failover 
clustering. This session will cover: 

• Using Single Copy Clustering as well as Clustered Continuous 
Replication clusters. 

• How to use Network Load Balancing for Client Access Services 
and Hub Transport. 

• Multiple sites and providing disaster recovery for Exchange. 

Attendees will leave with a strong understanding of how High Availaiblity can 
be implemented for an Exchange Server 2007 environment and how to explain 
the benefits and costs associated with the different options available. Here's a 
quick rundown of the order of topics presented: 

Outline of Modules: 

• Installing/Configuring Failover Clustering 

• Configuring Single Copy Clusters (SCO 

• Configuring Clustered Continuous Replication (CCR) 

• Multiple Location Solutions, including Standby Continuous 
Replication (SCR) 

• Configuring Network Load Balancing (NLB) 

• Configuring NLB for Client Access Services and Hub Transport 
for client relays 

FULL DAY PRE-CONFERENCE • 9:00AM-4:00PM 

WALK IN THE PARK: MICROSOFT EXCHANGE 2007 HANDS-ON LABS 
Bring your own laptop, 

LEE BENJAMIN 

Come take a six-hour guided tour of Exchange Server 2007 and see for your¬ 
self the next evolution of the world's most powerful messaging system. 
Experience the new Management Console, the five new server roles, e-mail pol¬ 
icy enforcement and compliance, powerful new scripting tools, new architec¬ 
ture, new high availability and disaster recovery features, new mailbox fea¬ 
tures, and methods for migrating from earlier versions of Exchange. In this 
information-packed day with Exchange expert and MVP Lee Benjamin, you'll get 
hands-on experience with Exchange Server 2007 using your laptop to walk 
through several labs developed by Wadeware®. 

NOTE: The laptop you bring MUST have at least 2GB of memory, 15GB free disk 
space, and DVD drive. 
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PRE & POST CONFERENCE WORKSHOPS 


HALF-DAY MORNING PRE-CONFERENCE • 9:00AM-12:00PM 

GROUP POLICY FUNDAMENTALS, SECURITY, AND CONTROL 

JEREMY MOSKOWITZ 

Group Policy is the most efficient way to manage desktops in a Windows envi¬ 
ronment. If you are still running to machines to install and configure desktops, 
you are not taking full advantage of the power of Group Policy. In this practical 
workshop, Jeremy Moskowitz will help you gain control of your environment 
and get your life back. This is the perfect workshop to take before doing "deep 
dives" into the main sessions of the conference. You'll get a little bit of every¬ 
thing: deployment, configuration, control, and security! We'll warm up with 
some Group Policy basics. Then, you'll learn how to get your XP and Vista client 
machines up and running with some new set-up options. After your machines 
are up and running, Jeremy will show you how to manage your environment 
with GPOs. You'll get some "solid base hits" to ensure you can go back to work 
with some good ideas you can immediately put to use. For instance, learn how 
to zap printers down to your computers, and remotely deploy software to your 
users' desktops, and learn how to use Group Policy to secure collections of 
machines. You'll also get a sneak-peek at the Group Policy Preferences, the 
newest Microsoft technology that's 100% free-and it will get you out of login- 
script hell. We'll examine how Group Policy can do the heavy lifting to the jobs 
you want to do! This session has both XP and Vista content. 

NOTE: Some material is repeated in Jeremy's regular sessions as reinforcement. 

HALF-DAY AFTERNOON PRE-CONFERENCE • 1:00PM-4:00PM 

VIRTUALIZATION: A REAL-WORLD JUMP START 

ALAN SUGANO 

Virtualization is one of the hot topics this year. With significant increases in 
performance of the current generation of server hardware with quad-core 
processors, high memory capacity, and Serial Attached SCSI (SAS) drives, much 
of the processing power on a server goes unused. Virtualization allows you to 
take advantage of this processing power by running several virtualized servers 
on one physical host. If you're considering virtualization and are new to this 
technology, this workshop will get you up to speed. You'll learn about the fol¬ 
lowing topics: 

• Virtualization hardware. Server processors, memory and hard drive 
configurations. Optimization of the hardware and the virtual environ¬ 
ment for the best virtual guest performance. Running the x64 platform 
for virtual hosts and guests. 

• Virtualization software (Virtual Server 2005, VMware Server, 

ESX Server). 

• Backup strategies of virtual servers. 

• Virtualization and high availability. Learn about the high availability solu¬ 
tions from Microsoft and VMware in the virtual server environment. 

• Virtual guest limitations and how to determine if virtualization is a good fit 
for your application. 


POST-CONFERENCE WORKSHOPS 


THURSDAY, MARCH 19 

FULL DAY POST-CONFERENCE • 9:00AM-4:00PM 

WINDOWS POWERSHELL CRASH COURSE 

DON JONES 

Want to start taking advantage of Microsoft's new management shell, but don't 
know where to start? Start here, with the industry's most-recognized and experi¬ 
enced PowerShell instructor, Don Jones! Co-author of Windows PowerShell: TFM and 
more than 30 other IT books, Don's easygoing and popular teaching style will help 
you understand what PowerShell is all about, how to start using the shell immedi¬ 
ately (no scripting required), and how to automate complex business processes 
using PowerShell's simplified scripting language. With a focus on real-world exam¬ 
ples (and lots of take-home code), you'll soon be brimming with ideas for automat¬ 
ing tedious administrative processes. This is not a hands-on workshop; no laptop is 
required and power is not provided. No prior scripting or PowerShell experience is 
necessary-and this will be the ONLY full-day PowerShell workshop Don offers on the 
East Coast in 2009! 

FULL DAY POST-CONFERENCE • 9:00AM-4:00PM 

WALK IN THE PARK: OFFICE COMMUNICATIONS SERVER HANDS 
ON LABS Bring your own laptop, 

THOMAS FOREMAN 

Come take a six-hour guided tour of Office Communications Server (OCS) 2007 and 
see for yourself the latest Microsoft Unified Communications product. Much, much 
more than Instant Messaging, Office Communications Server provides text, web 
conferencing, and Voice over IP solutions that allow you to change the way your 
organization communicates. We will also review the new features of OCS 2007 R2. 
We'll install and configure OCS 2007, as well as Office Communicator 2007 and the 
Live Meeting 2007 client and how to configure and use Communicator Web Access. 
In this information-packed day, you'll use your laptop to walk through several 
hands-on labs developed by Wadeware® with OCS expert, Thomas Foreman. 

NOTE: The laptop you bring MUST have at least 4 GB of memory, 30 GB free disk 
space and a dual layer DVD drive, optional and a webcam and headset with micro¬ 
phone is recommended 
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HOTEL INFORMATION 


HOTEL ACCOMMODATIONS 

The Hyatt Regency Grand Cypress Resort, 
One Grand Cypress Blvd., Orlando, FL 
is the conference site and host hotel. 
SPACE IS LIMITED so reserve your room 
early by calling the conference hotline at 
800-505-1201. 

AIRLINE 

Please call Pericas Travel at 
203-562-6668 for airline reservations. 

CAR RENTAL 

Hertz is offering auto rental discounts to 
attendees. Call the Hertz Meeting Desk at 
800-654-2240 for reservations and refer 
to code CV# 010R0037 to receive your 
attendee discount. 

AIRPORT SHUTTLE 

Mears Transportation is the designated 
ground carrier at Orlando International 
Airport. You may pick up the shuttle on 
Level 1, one floor below baggage claim. 
The shuttle is available 24 hours a day. 
The rates to the Hyatt Regency Grand 
Cypress hotel are as follows: One-way is 
$20.00 and $33.00 round-trip. You may 
call Mears directly at 407-843-2404 for 
more information or go to their Web site: 
www.mearstransportation.com . 

Prices are subject to change. 



ORLANDO, FLORIDA 

EXTEND YOUR STAY 

Come early or stay late. Bring the family! You are in the land of 
fantasy for children of all ages. Walt Disney World - Magic 
Kingdom® Park, Disney MGM Studios®, Epcot® and Disney's 
Animal Kingdom® Theme Park. In addition, explore Kennedy 
Space Center, Sea World, and Universal Studios Theme Park, or 
take a short drive to beautiful white sand Atlantic beaches. 

TAX DEDUCTION 

Your attendance to a WinConnections conference may be tax 
deductible. Visit www.irs.ustreas.gov. Look for topic 
513 - Educational Expenses. You may be able to deduct the 
conference fee if you undertake to (1) maintain or improve skills 
reguired in your present job; (2) fulfill an employment condition 
mandated by your employer to keep your salary, status, or job. 


ATTIRE 

The recommended dress for the 
conference is casual and comfortable. 
Please bring along a sweater or jacket, 
as the ballrooms can get cool with the 
hotel's air conditioning. 



SPONSORSHIP/EXHIBIT INFORMATION 

For sponsorship information, contact: Rod Dunlap 
phone: 480-917-3527 
e-mail: rod@devconnections.com 
See web site for more details. www.WinConnections.com 

GROUP DISCOUNT 

Register individuals from one 
company at the same time 
and receive a group discount. 

Call 800-505-1201 to take 
advantage of group discount pricing. 

NOTES & POLICIES: The Conference Producers reserve the right to cancel the conference by refunding the registra¬ 
tion fee. Producers can substitute speakers and topics and cancel sessions without notice or obligation. Updates will 
be posted on our Web site at www.WinConnections.com . Tape recording, photography is not allowed at any session. 
Conference producers will be taking candid pictures of events and reserve the right to reproduce. By attending this 
conference you agree to this policy. You may transfer this registration to a colleague. Please inform us if you have 
any special needs or dietary restrictions when you register. The conference registration includes a one-year print 
subscription to Windows IT Pro. Current subscribers will have an additional 12 issues added to their subscription. 
Subscriptions outside of the United States and Canada will be digital. $25 of the funds will be allocated toward a sub¬ 
scription to Windows IT Pro ($49.95 value). REGISTRATION & CANCELLATION POLICY: Registrations are not con¬ 
firmed until payment is received. Cancellations before February 3,2009 must be received in writing and will be 
refunded minus a $100 processing fee. After February 3,2009 cancellations and no shows are liable for full registra¬ 
tion, it can be transferred to the next Connections Conference within 12 months or to another person. Active 
Directory, Microsoft, MSDN, Outlook, Windows Server, Windows Vista, and Windows are either trademarks or regis¬ 
tered trademarks of Microsoft Corporation. All other trademarks are property of their owners. 


1-3 registrants 

$1,495 per person 

Additional registrants 
after the 3rd 

(4th, 5th, 6th...) 

$1,295 per person 

($200 off each) 
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CONFERENCE REGISTRATION • MARCH 15-18, 2009 


FULL CONFERENCE REGISTRATION INCLUDES KEYNOTE ON MARCH 15, 6:30PM, 
THROUGH CLOSING SESSION MARCH 18, 4:30PM 


NAME 

PRIORITY CODE 

COMPANY 

TITLE 

STREET ADDRESS (REQUIRED TO SHIP MATERIALS) 

CITY, STATE, POSTAL CODE 

COUNTRY 

TELEPHONE FAX 

E-MAIL ADDRESS (IMPORTANT) 


ONLINE 

www,WinCQnngctiQn$,CQm 

E-MAIL 

info(a)devcQnnections.cQm 

PHONE 

(800) 505-1201, (203) 268-3204 

FAX 

(203) 261-3884 

MAIL 

Microsoft Exchange Connections 2009 
Windows Connections 2009 
c/o Tech Conferences, Inc. 

731 Main Street, Suite C-3 
Monroe, CT 06468 


□ 

Microsoft Exchange Connections. 

.on or before February 3rd. 

.after February 3rd. 

.$1395.00 

.$1495.00 

□ 

Windows Connections. 

.on or before February 3rd. 

.after February 3rd. 

.$1395.00 

.$1495.00 


PRE-CONFERENCE WORKSHOPS SATURDAY, MARCH 14, 2009 LUNCH IS INCLUDED WITH FULL DAY WORKSHOPS. 

□ 9:00AM - 4:00PM Extreme Administrative Makeover: Building a More Perfect Enterprise HOLME.$399 

□ 9:00AM - 4:00PM Transitioning to Exchange Server 2007 Workshop ... bring your own laptop BENJAMIN.$399. 

PRE-CONFERENCE WORKSHOPS SUNDAY, MARCH 15, 2009 LUNCH IS INCLUDED WITH FULL DAY WORKSHOPS. 

□ 9:00AM - 4:00PM SharePoint Jump Start: Reimagining Collaboration HOLME.$399. 

□ 9:00AM - 4:00PM Making Exchange Server 2007 Highly Available KAUFMANN.$399. 

□ 9:00AM - 4:00PM Walk in the Park: Microsoft Exchange 2007 Hands-on Labs bring your own laptop BENJAMIN.$399. 

□ 9:00AM - 12:00PM Group Policy Fundamentals, Security, and Control MOSKOWITZ.$199 

□ 1:00PM - 4:00PM Virtualization: A Real-World Jump Start SUGANO.$199 

POST-CONFERENCE WORKSHOPS THURSDAY, MARCH 19, 2009 LUNCH IS INCLUDED WITH FULL DAY WORKSHOPS. 

□ 9:00AM - 4:00PM Windows PowerShell Crash Course JONES.$399. 

□ 9:00AM - 4:00PM Walk in the Park: Office Communications Server Hands On Labs bring your own laptop FOREMAN $399 


CONFERENCE MATERIALS 

Full conference registration inciudes materiais for the one conference for which you register. 
You may purchase materials for the other concurrently run events. 


□ Microsoft Exchange Connections Proceedings CD .$75 

□ Windows Connections Proceedings CD .$75 


PAYMENT TOTAL 


♦IMPORTANT: You must reference Microsoft Exchange Connections or Windows Connections on your check. 

□ CHECK (payable to Tech Conferences) All payments must be in US Currency. Checks must be drawn on a US bank. 
□ VISA □ MASTERCARD □ AMEX 

CREDIT CARD NO. EXPIRATION DATE 


Cardholder's Signature 


Cardholder's Name (print) 
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BUYER’S GUIDEB 


Active Directory 

Auditing 

Tools 

A ctive Directory (AD) is a crucial component of just 
about any Windows-based IT infrastructure, and 
keeping tabs on who modified AD records, when 
they were changed, and why they were changed can 
be a full-time job. Throw in some additional require¬ 
ments—such as the need to be in compliance with 
federal and state governance guidelines, from the Sarbanes-Oxley 
(SOX) Act to the Health Insurance Portability and Accountability Act 
(HIPAA)—and you have the makings of a headache-inducing task 
for many IT pros. But help is on the way. 

Windows Server 2008 AD Improvements 

Microsoft listened to IT pro complaints about AD auditing and 
implemented several new features in Windows Server 2008 to ease 
the pain. "Windows 2008 brings various benefits to the table with 
respect to event management, including a completely changed 
event-log storage model," says Guido Grillenmeier, a Microsoft 
Directory Services MVP and a master technologist with HP's 
Advanced Technology Group. "It also includes improved native AD 
auditing, as it allows more granular and more complete auditing of 
AD changes. For example, it can record the old value and new value 
of an attribute that was changed." 

Server 2008 breaks auditing into four categories: Access, Changes, 
Replication, and Detailed Replication. The Changes category improves 
upon the way AD changes were handled in Windows Server 2003 and 
Windows 2000, logging deltas of attribute changes, detailing new 
object creation and movement, and offering a create-event feature 
that's triggered when objects are moved to different domains. 

Choosing an AD Auditing Solution 

Regardless of whether you're running Server 2008, Windows 2003, 
or Win2K, an off-the-shelf AD auditing product can help minimize 
the workload. Determining what level of AD auditing your organiza¬ 
tion needs is important. Grillenmeier cautions against looking for 
a silver-bullet solution to AD auditing requirements. "For example, 
proxy-management solutions ... such as AD Self-Service Suite and 
Ensim Unify... are nice tools to delegate specific management tasks 
to non-admin users and audit the changes they do to AD with the 
tool. However, these tools only audit what's changed by them and 
can't audit native changes in AD; they can never create a complete 
auditing trail." 

Grillenmeier contrasts those AD proxy-management auditing 
tools with AD auditing tools that gather security and auditing events 


Not all AD auditing tools 
audit all of AD 

by Jeff James 


from event logs on domain controllers (DCs)—such as Microsoft 
System Center Operations Manager or HP OpenView—and AD 
auditing tools that combine native event logs with AD data gath¬ 
ered by agents, such as Quest InTrust and Quest ChangeAuditor 
(formerly NetPro ChangeAuditor). 

"Event-log-based [auditing] may be sufficient for many custom¬ 
ers that need to meet specific compliancy requirements," says Gril¬ 
lenmeier. "It's mainly a matter of correctly setting up auditing in the 
directory itself, so that the changes are correctly logged in the event 
logs. Note that if proxy-management tools are used, you still have 
to combine the native event data with the data of the proxy tools to 
figure out which person actually performed a change in AD, since for 
changes done by the proxy tool the native event logs will only see the 
service account as the owner of the change." Grillenmeier says that 
only products that combine event-log auditing with separate agents 
that gather AD data are capable of auditing all AD changes. 

Tom Crane, a product manager for InTrust at Quest Software, 
says that the most useful products offer the ability to capture AD 
change information not provided by the version of Windows Server 
you're using. "Some AD change information doesn't appear in the 
event log. Eor example, some changes are consolidated down into 
a single event message, and that single event may contain multiple 
changes. Having a tool that is able to provide that information will 
help reduce time spent in troubleshooting AD auditing problems." 

Don't Forget the Data 

One important yet overlooked aspect of AD auditing is the massive 
amount of data the auditing process can generate. "Eor enterprise- 
scale customers, this easily amounts to many gigabytes per day of 
auditing data," Grillenmeier says. "Tools that [have the capability] to 
efficiently store the auditing data in a compressed format and [auto¬ 
matically clean up that data over time] are a critical factor for large 
companies." You'll do well to consider your organization's auditing 
needs, the number of AD changes it makes, and how granular those 
changes are. And you'd be well advised to pay attention to the secu¬ 
rity, backup, and disaster recovery of AD auditing data, just as you 
would for other types of data. 

InstantDoc ID 100828 


JEFF JAMES (iiannes@windowsitpro.com) is the senior editor of products 
for Windows IT Pro and SQL Server Magazine. He specializes in virtualiza¬ 
tion and terminal services and has more than 15 years of experience as a 
writer and digital-content producer. 
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Company 

Product 

Price 

OSs Supported 

Agent-Based? 

Native 

Event Log 

Monitoring? 

Engagent 

870-820-7980 

www.enqaqent.com 

Director 

$8 per AD user 

Server 2008, 
Windows 2003, 
Win2K 

No 

Yes 

Ensim 

877-693-6746 

www.ensim.com 

Ensim Unify Active 
Directory Manager 

$15 per AD user 

Server 2008, 
Windows 2003, 
Win2K 

No 

Yes 

ManageEngine 

888-720-9500 

www.manaqeenqine 

.adventnet.com 

ADManager Plus 

Starts at $495 
standard, $795 
enterprise 

Windows 
2003,Win2K, 
Windows Vista, 
Windows XP 

Yes 

No 


ADAudit Plus 

Starts at $495 
standard, $795 
enterprise 

Server 2008, 
Windows 2003, 
Win2K, Vista, XP 

Yes 

Yes 

Microsoft 

800-426-9400 

www.microsoft.com 

System Center 
Operations Manager 

$32 per 
client, $157 
per server 

Server 2008, 
Windows 2003, 
Win2K, Vista, XP 

Yes 

Yes 

NetWrix 

888-638-9749 

www.netwrix.com 

Active Directory 

Change Reporter 

$3 per user, 

$5,000 for site 
license 

Server 2008, 
Windows 2003 

Optional 

Yes 

Quest Software 

949-754-8000 

www.quest.com 

ScriptLogic Active 
Administrator 

$13.50 peruser 
for 50-499 

users 

Server 2008, 
Windows 2003, 
Win2K 

Yes 

Yes (on DCs) 


Quest InTrust Plug-In 
for Active Directory 

$12 per 
enabled user 

Server 2008, 
Windows 2003, 
Win2K 

Yes 

Yes 


Quest ChangeAuditor 
for Active Directory 

$12 per 
enabled user 

Server 2008, 
Windows 2003, 
Win2K 

Yes 

No 

The Dot Net Factory 

877-996-4276 

www.adself 

servicesuite.com 

AD Self-Service Suite 

See vendor 

website 

Server 2008, 
Windows 2003, 
Win2K 

Yes 

Yes 

Visual Click Software 

512-330-0542 

www.visualclick.com 

DSRAZOR for Windows 

See vendor 

website 

Server 2008, 
Windows 2003, 
Win2K 

Yes 

Yes 


Editor's Note: All the information in this Buyer's Guide is supplied by vendors. Some vendors you might expect to see in this Buyer's Guide either 
didn't have a product that matched the criteria for the Buyer's Guide or didn't respond to our requests for product information. 
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AD AUDITING TOOLS ■ 


Predefined 

Compliance 

Reports? 

Real-Time 

Event Alerts? 

Generated Report 
Formats 

Change 

Consolidation? 

GPO 

Auditing? 

Roll Back AD 
Changes? 

SOX, HIPAA, 

National Institute 

of Standards and 
Technology (NIST) 

Yes 

PDF, HTML, 

Microsoft Excel 

Yes 

Yes 

No 

Yes 

Yes 

HTML, Excel 

No 

No 

No 

No 

No 

PDF, Excel, HTML, 

CSV, CSV Data 
Exchange (CSVDE) 

No 

No 

No 

Yes 

Yes 

PDF, Excel, HTML, 

CSV, CSVDE 

Yes 

No 

No 

Yes 

Yes 

XML, CSV, TIFF, 

PDF, Excel 

No 

No 

No 

SOX 

No 

PDF, HTML, Excel, 
email 

Yes 

Yes 

Yes 

No 

Yes 

PDF, Excel, Rich 

Text Format, 

HTML, TIFF, text 

No 

Yes 

Yes 

SOX, HIPAA, NIST 

Yes 

PDF, Excel, CSV, 

XML, HTML 

Yes 

Yes 

Yes 

SOX, HIPAA, NIST 

Yes 

PDF, Excel, CSV, 

XML, HTML 

Yes 

Yes 

No 

No 

No 

PDF, HTML, Excel 

No 

No 

No 

No 

No 

HTML, Excel 

No 

No 

No 
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■ INDUSTRY BYTES 


■ SharePoint 


■ Windows 7 


INSIGHTS FROM THE INDUSTRY 


Boosting Business Relationships with SharePoint 


Although SharePoint has evolved into a 
first-rate platform for information sharing 
and collaboration among users within 
organizations, much of what makes Share- 
Point so valuable is the ability to share 
information with people outside your 
company—partners, customers, and ven¬ 
dors. Of course, opening up your collabora¬ 
tive environment to entities outside your 
enterprise is like opening a Pandora's box 
of security and compliance problems and 
it presents a tremendous number of head¬ 
aches for your IT department. For example, 
how do you easily control who can access 
what information and for how long? And 
how do you quickly provide that access 
when IT departments are already taxed to 
the max? To answer some of these ques¬ 
tions, I recently talked with Nigel Simmons, 
vice president of product management 
for Epok, a company that develops access 
management solutions. 

"Back in 2005, a lot of the talk com¬ 
ing out of the post 9/11 era was that that 
there was a large information-sharing 
problem within government," Simmons 
said. "There was a big push into the infor¬ 
mation¬ 
sharing space, and Epok invested a fair 
amount into creating an underlying tech¬ 
nology that would allow, for example, fed¬ 
eral information to be shared with states 
and local governments."With the release 
of the 2007 versions of SharePoint, Epok 
could see that using SharePoint for extra¬ 


nets was going to be big and came up 
with a product based on this underlying 
technology that integrated closely with 
SharePoint. The product, Epok Edition 
for Microsoft SharePoint, lets companies 
manage extranet access while improving 
information security and compliance. 

"Today's extranets are not your grand¬ 
parents' extranet," said Simmons. "Extranets 
used to be a large number of potential 
customers or suppliers looking at a fairly 
well-crafted, perhaps slow-moving website 
where information was added or updated 
in a fairly methodical and process-con¬ 
trolled way. But once you get SharePoint in 
the mix, you're moving at business speed. 
You've got business users controlling 
content and access and trying to address 
business relationships, so the extranet has 
demands that go beyond what extranets 
have been in the past." 

According to Simmons, the develop¬ 
ment of Epok Edition for Microsoft Share- 
Point was driven by three questions: 

1. How do you provide secure and 
compliant access to an extranet? 

2. How do you serve the need for busi¬ 
ness agility? Businesses depend on the 
ability to operate quickly. For example, 
suppose your company is bidding on a 
project and needs partners to bid with. You 
decide to set up a SharePoint site and go 
after that business, but you have to wait 
on IT to provision user accounts, control 
groups, or create websites. 


3. How do you provide for collabora¬ 
tion on an enterprise scale—not just 
across a single SharePoint site, but across 
site collections and SharePoint farms? 

And how do you make sure you have the 
right tools to monitor and control access 
and provide the right visibility for what's 
happening across that information 
collection? 

Epok Edition for Microsoft SharePoint 
resolves these questions by operating in 
a business context. Rather than treating 
users as individuals and trying to assign 
permissions to individuals, the product 
addresses the business user or logical 
group that you're working with, letting you 
set up terms and conditions for that user or 
group. When users enter the extranet site, 
they immediately see the type of informa¬ 
tion they can access, as well as the require¬ 
ments they need to follow for using that 
information. 

What makes the solution even more 
intriguing is that IT departments can 
authorize SharePoint site administrators 
to provision extranet users, reducing the 
number of provisioning requests IT has to 
handle. Plus, extranet users can be given 
authorization to nominate other users for 
site access without involving IT. Forward- 
thinking companies are using SharePoint 
for their extranets to maximize their busi¬ 
ness relationships. Epok's SharePoint add¬ 
on helps them maintain their agility while 
preserving secure, compliant information 
access—with little additional work for 
overburdened IT departments. 

You can learn more about Epok Edition 
for Microsoft SharePoint at www.epok.net . 
You can also find more information about 
extranets in the article "Using SharePoint 
for Extranets," InstantDoc ID 99650 . 

—Gayle Rodcay 

InstantDocID 100593 


Wanted: Your Real-World Experiences with Products 

Have you discovered a great product that saves you time and money? Do you use 
something you wouldn't wish on anyone? Tell the world in a review in 
What's Hot: Readers Review Hot Products. If we publish your opinion, we'll 
send you a Best Buy gift card and a free VIP subscription to Windows ITProl 
Send information about a product you use and whether it helps you or 
hinders you to whatshot@windowsitpro.com. 
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Our Clients Can’t Find Quality, Local Technicians 


Remote Data Backups, Inc. is a fast growing on¬ 
line backup company with many thousand clients 
worldwide. We need qualified computer special¬ 
ists to help support our clients with their “onsite” 
needs like hard-drive replacements, motherboard 
issues, video crashes, etc. We are strictly a backup 
company and our clients frequently need quality 
help. You must represent Remote Data Backups 
trusted brand reputation and be able to communi¬ 
cate to non-technical users. 

We are the industry standard for online backups. 
All qualified candidates will be included in our 
FREE reseller program. 


GOOD 


IF YOU ARE^ _^ 

JOIN OUR TEAM TODAY AT NO-COST TO YOU: 


www.remotedatabackups.com/jobs (no phone calls pis) 


REM 




DATA BACKUPS 


JUST INSTALL IT! 


P.O.Box 543 
Fort Collins, Co 80522 


Are 1m IIS Servers Uttiler Atterk? 


trollk with ThreatSentry 


0- 

I threa tsentr y 

IISWebiippkfliitfirmiltiK 



download free trial 

'IIS web application firewalls IPS 
’ stops known, new and internal threats 
’ blocks sql in|ection, xss, dos and more 
' reinforces regulatory compliance 

sales@privacYware.coiii » www.priva(ywnre.[oin ■ 732.212.81 10 x235 


#1 for Hardware-Independent Imaging 
The Universal Imaging Utility 


Next generation disk imaging for your business 

The Universal Imaging Utility (UlU), from Big Bang, works hand- 
in-hand with your existing disk-imaging software, enabling 
creation of a truly hardware-independent master Image for 
rollouts, migrations and deployments. 

What UlU can do for you 

• Create a hardware-independent Image file for laptops 
and desktops 

• Use with all major Imaging utilities (Ghost, Acronis, Altiris, 
ZENworks, Vista) 

• Includes a 25,000+ driver database, maintained to ensure ^ 
support for new hardware 

• Reduce the time spent on creating, maintaining and ^ 

updating multiple Images 


FRtt 1 


"With the UlU, we 
reduced the number of 
images from 26 to 2. We 
have also been able to 
accept competitive 
bidding for new 
workstation acquisitions, 
which saved us almost 
$20,000 on our most 
recent 100 unit 
purchase." 

David R, Pension Benefit 
Guaranty Corporation 


WWW. Hardware-lndependent.com / 


- 

Visit Hardware-lndependent.com or call 888 446 7898 (toll free). 

Download a free 30-day trial or attend a webinar to see how the UlU can simplify your cloning process. 
Binary Research International is the exclusive distributor of UlU. 
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■ INDUSTRY BYTES 

Windows 7 Will Be Windows 6.1 




Microsoft corporate vice president Mike Nash announced that 
the new version of Windows will be called Windows 7—but that 
its version number will be 6.1. Nash said, "There's been some 
fodder about whether using 6.1 in the code is an indicator of the 
relevance of Windows 7. It is not. Windows 7 is a significant and 
evolutionary advancement of the client operating system. It is in 
every way a major effort in design, engineering, and innovation. 
The only thing to read into the code versioning is that we are 
absolutely committed to making sure application compatibility 
is optimized for our customers." 

This statement is right in line with Microsoft's policy of call¬ 
ing Windows 7 a major release while denying any changes that 
are likely to be considered major. (Based on what we've heard 
about Windows 7 from Microsoft, the stated plans don't seem to 
be major ones.) Microsoft certainly has reason to want Windows 
7 to be seen as a major release. Vista has a pretty bad reputa¬ 
tion, whether or not it's deserved. If Windows 7 is perceived as 
nothing more than Vista SP3 or Vista R2, it could inherit that 
reputation. 

So what have version numbers meant in the past? Micro¬ 
soft's non-Windows NT OSs went from being known by version 
numbers to Windows 95, which had an internal version of 4.0. 


Windows 98 was 4.1 and 
Windows Me was 4.9. On 
the NT side, Windows 
2000 was version 5.0. 

Windows XP was ver¬ 
sion 5.1. Windows 2003 
was 5.2, and Vista and 
Windows Server 2008 are 
both version 6.0. 

Windows saw hefty 
changes from 95 to Win¬ 
dows Me, but those all 
fit under the same ver¬ 
sion number, so maybe 
Windows 7 can be a major release and still be 6.1.1 need to see 
some major announcements about technological or Ul changes 
in Windows 7 before I believe it, though. 

Major release or not, nearly everyone can agree that it's confus¬ 
ing that Windows 7 is neither the seventh release of Windows nor 
version 7 of Windows. 

—Zac Wiggy 

InstantDocID 100559 


It's confusing 
that Windows 7 
is neither the 
seventh release 
of Windows nor 
version 7 of 
Windows. 
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DIRECTORY OF SERVICES 


AD INDEX 


Windows IT Pro Network 


Search our network of sites dedicated to hands-on 
technical information for IT professionals. 

www.windowsitpro.com 

Support 

Join our discussion forums. Post your questions 
and get advice from authors, vendors, and other IT 
professionals. 

www.windowsitpro.com/forums 

News 

Check out the current news and information about 
Microsoft Windows technologies. 

www.wininformant.com 


EMAIL NEWSLETTERS 

Get free NT/2000/XP/2003 news, commentary, and 
tips delivered automatically to your desktop. 
Essential Bl UPDATE 
Exchange & Outlook UPDATE 
.NETBriefing 
Scripting Central 
Security UPDATE 
SQL Server Magazine UPDATE 
Virtualization UPDATE 
Vista UPDATE 
Windows IT Pro UPDATE 
Windows Tips & Tricks UPDATE 
Wininfo Daily UPDATE 

www.windowsitpro.com/email 

RELATED PRODUCTS 

Custom Reprint Services 

Order reprints of Windows IT Pro an\c\es. Contact 
Joel Kirk at ikirk@penton.com. 

Super CD/VIP 

Get exclusive access to all of our print publications, 
including Windows IT Pro, via the new, banner-free 
VIP Web site. 

www.windowsitpro.com/sub/vip 

Article Archive CD 

Access every article ever printed in Windows IT Pro 
magazine since September 1995 with this portable 
and speedy tool. 

www.windowsitpro.com/sub/cd 

SQL SERVER MAGAZINE 

Explore the hottest new features of SQL Server, and 
discover practical tips and tools. 

www.sqlmag.com 


ASSOCIATED WEB SITES 

WindowsDev Pro 

Discover up-to-the-minute expert insights, infor¬ 
mation on development for IT optimization, and 
solutions-focused articles at WindowsDevPro.com, 
where IT pros creatively and proactively drive busi¬ 
ness value through technology. 

w w w. wi ndowsd evpro.com 

Office & SharePoint Pro 

Dive into Microsoft Office and SharePoint content 
offered in specialized articles, member forums, 
expert tips, and Web seminars mentored by a com¬ 
munity of peers and professionals. 

w w w.off i ces ha repoi ntpro.com 
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■ CTRL+ALT+DEL 

by Jason Bovberg 


Murphy's Law is the old adage that states, "If anything can go wrong, it will "More broadly stated, "If 
a job or task has more than one possible outcome, and one of those outcomes will result in disaster, 
somebody will do it that way." Alternatively, of course, "Whatever can go wrong will go wrong, and 
at the worst possible time, in the worst possible way."Murphy's Law certainly has its place in IT. Here 
are 10 Murphy's Laws in IT that we've come up with. (Thanks to staff writers Caroline Marwitz, Brian 
Reinholz, Brian Winstead, and Gayle Rodcay, and reader Joe Kowtko.) Have any to share? 


WE NEED YOUR 
USER STORIES! 

Ever have one of those days 
when users unintentionally 
tickle your funny bone? Ever not 
have one of those days? We've 
published several hilarious end- 
user moments in this space, and 
we want to hear some more! 

In 150 words or fewer, send 
your greatest, funniest, most 
embarrassing user experience 
to rumors(S)windowsitpro.com, 
and we might just publish it on 
this page. We'll even send you 
a Ctrl-FAIt-FDel 



■ ’ 


Law of Cable Connectivity: If you need a spe¬ 
cific cable, the probability that you will have 
the correct type readily available is precisely 
equal to zero. 

Law of Crash Probability: The chances of 
a system going down over the weekend 
you're on call increase in direct propor¬ 
tion to the amount of fun you're having. 
(A corollary is that the system will never go 
down on the weekend you're on call while 
spending the day with the in-laws.) 

Law of Elimination: For any system problem, 
the correct solution—among many potential solu 
tions—will always be the last one you try. 

Law of Expectation: The expectations of your user base will 
always outpace the feature sets of your installed upgrades. 

Law of Infinite Fortitude: The typical user will wait until 
the last minute before exposing the change that created any 
given problem. 



Law of inopportune Failure: A device will 
always fail precisely at the most inconvenient 
moment. 

Law of IT Communication: If you're on call but 
decide to go out on the town, the quality of your 
mobile connection will decrease as the seriousness of the problem 
increases. 

Law of Security Breach: If there's a minor hole anywhere in your 
system's securityfor even a miniscule span of time, it will be breached 
and fully exposed. 

Law of Sole Responsibility: If you're the only IT person 
at your company, the likelihood that your servers 
will crash is inversely proportional to the amount 
of time left before you leave on your first-ever 
vacation. 

Law of Selective Gravity: Cups containing 
liquids, and trays containing small objects, 
are subject to a magnetic force pulling them 
toward any exposed and vulnerable hardware. 
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Problem Exists Between Keyboard and Chair (PEBKAC) 
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Introducing, 


Sunbelt m 

^ _ ■ 


Exchange Archiver 

^ SHuL 1 - 


Finally^ Affordable Enterprise-Class Archiving 


Introducing Sunbelt Exchange Archiver. Sunbelt 

Exchange Archiver (SEA) is a robust new product which 
delivers real enterprise-class email archiving, at a price that 
won’t break your budget. Get comprehensive legal and 
regulatory compliance. Reduce your Exchange storage by 
up to 80 %. Securely store emails on your choice of media, 
using the built-in Hierarchical Storage 
Management. And, find archived emails 
rapidly with full-text search for e-discovery 
or compliance. 


Compliance, e-Discovery, and legal 
readiness. If you need to archive emails 
for regulatory or legal reasons, SEA has 
you fully covered. Emails are stored in 
their original form, in whatever secure 
media you prefer, with complete flexibility 
on retention. Need to find an archived 
email? Simply use SEAs powerful 
integrated full-text search of emails and 
attachments, and you’ll be ready at a 
moment’s notice for e-discovery or legal 
requests. 

Seamless end-user experience. SEA 

is fully transparent for your users, whether 
they’re running Outlook, OWA, Blackberry 
devices or even Entourage on the Mac - with 
no special client software needed. Trusted 
end users can be delegated granular authority 
with the included web-interface or optional Outlook 
add-in. They can do off-line synchronization, and search, 
edit, forward, move or delete archived emails. 



Most Valuable Product 


Up to 80% smaller message store. With SEA, you’ll 
dramatically reduce your Exchange storage. The benefits are 
clear: faster backup times, better Exchange performance, 
and faster recovery. 

Journaling not required. It’s a fact that using the 

Exchange Journaling mailbox for archiving 
dramatically affects server performance. 
With SEA, Journaling is an option - the 
program’s breakthrough Direct Archiving 
feature stores all emails immediately after 
they are received, keeping load off the 
Exchange server. 


"Exchange performance 
is suffering. Your users 
compiain about emaii 
storage. Your CEO wants 
iegai compiiance. 

Now what?" 



— 


m 
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No more PST headaches! SEA gets 
rid of pesky PST files that are a major 
admin headache. SEA automatically finds 
them, imports them, and makes them part 
of your user’s archive. 

Great for disaster recovery. No 

matter where you email is stored, business 
continuity is assured with SEA. Using the 
included web client, users can continue to 
see and use their email even if Exchange is 
down. 

Archiving’s time has come for 
everyone. Contact us today and see how 
SEA solves your legal and compliance 
headaches and immediately improves the performance of 
Exchange - while saving critical budget dollars. 



Sunbelt Software 


Get a Free Quote and See How Cost-effective Sunbelt Exchange Archiver Really Is! 

Email sales@sunbeltsoftware.com or call 888-688-8457 


Sunbelt Software Tel: 1-888-688-8457 or 1-727-562-0101 Fax:1-727-562-5199 www.sunbeltsoftware.com sales@sunbeltsoftware.com 

© 2007-2008 Sunbelt Software. All rights reserved. Sunbelt Exchange Archiver is a trademark of Sunbeit Software. All trademarks used are owned by their respective owners. 






















From: I need a separate reporting server 

To: Comprehensive, free reporting - 
all on a single appliance 


NO-NONSENSE 


StBernard 




WEB FILTERING 


FLIP THE SWITCH 

Get your FREE iPrism® Switch Kit today: 


That's what you'll get when you switch to iPrisnn from 
St Bernard - the award-winning web filter that's easier 
in every way, and less expensive to own. 

iPrism is changing the way companies and schools 
everywhere handle their web filtering. With blaz¬ 
ing throughput speeds up to 100+ Mbps, anti-virus 
protection and seamless XenApp and Active Directory 
integration, iPrism is the appliance-based solution of 
choice for customers and institutions of any size. 

Find out more about the easiest-to-deploy, most 
highly rated web filtering solution ever-the industry's 
ONLY Citrix-ready web filtering appliance. 


FREE 30-day onsite evaluation 

that can be deployed without any client or 
network changes 

FREE enhanced technical support 

for setting up nnatching policies, reports & alerts 
based on your current settings 

INCENTIVE PRICING & A FREE T-SHIRT 

just for watching a live denno 



iPrism® h-Series, the world's #1 Web Filtering appliance. 

© 2008 St Bernard Software, Inc. 


Call 1.800.782.3762 or go to www.SwitchToiPrism.com 





























